
The Note You're Voting On

steelchords at yahoo dot com
10 years ago
It seems to me in this particular instance that a simple check to make sure that name or partial pathname doesn't already exist would prevent this attack... if a 'passwd/etc/...' existed as the password directory, you couldn't create a username to exploit the hole in the first place. But that's only from a 'script user' perspective; it still doesn't protect your server from other sub-admins' badly written code.

Don For
