| 1 |
There is an XSS vulnerability in PHP that affects some stable webapps. |
| 2 |
Details can be found here: |
| 3 |
http://www.php-security.org/MOPB/MOPB-08-2007.html |
| 4 |
|
| 5 |
I know this affects phpWebSite since there is a phpinfo file in setup. |
| 6 |
This will be removed upstream. All other apps need checked as well. I'm |
| 7 |
running PHP Version 5.1.6-pl6-gentoo on my laptop right now and the XSS |
| 8 |
attack works quite well. Not sure who maintains anything with regard to |
| 9 |
webapps nowadays. I've come up with no response to several inquiries. |
| 10 |
Figured everyone on the list would like to secure their servers in the |
| 11 |
meanwhile. |
| 12 |
|
| 13 |
Wendall |
| 14 |
|
| 15 |
-- |
| 16 |
Only wimps use tape backup: _real_ men just upload their important stuff |
| 17 |
on ftp, and let the rest of the world mirror it ;) |
| 18 |
-- Linus Torvalds |
Archives