PHP injection vulnerability?
Steve
PHP injection vulnerability?
Posted: 27 Dec 2007 (19:04 UTC)
Anonymous
Re: PHP injection vulnerability?
Posted: 28 Dec 2007 (08:16 UTC)
I read, "if comments are allowed, attackers can use this url /wiki/index.php?page_id=1#editcomments to POST evil scripts and PHP code into the page" - really? I thought HTMLPurifier takes care of this, which has been around since long before version 2?
The other thing, "White Screen of Death: (SQL Injection) - Critical information is listed on this page when you inject evil code" ... you can prevent that by setting IS_LIVE to true in kernel/config_inc.php for live servers.