<<< Date Index >>>     <<< Thread Index >>>

Re: Critical phpwiki c99shell exploit



Hello,

Gadi Evron wrote:
This is a good best practice, but it doesn't hold water long
range. Further, where do you disallow these extensions? In the
application?
Mostly what the bad guys would do is upload, say.. .jpg, and then rename
it.

This is what I do in Apache to directories used to store user
uploaded files:

<Directory "/var/www/html/application/uploaded">
  php_admin_flag engine off
</Directory>

--
  Taneli Leppä         | Crasman Co Ltd
  <taneli@xxxxxxxxxx>  | <http://www.crasman.fi/>