Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
Le jeudi 27 octobre 2005 à 08:54 -0500, Tatercrispies a écrit :
> And I really don't see how this could ever be used to execute
> server-side script unless for some bizarre reason you had your
> webserver so completely misconfigured as to be beyond imagination. Why
> would you be parsing image files through the PHP interpreter.
Please look at http://shsc.info/FileUploadSecurity#titelanker5 ...
And yes, it happens in real life scenarios !
Nicob