|
-
February 18th, 2009, 07:08 AM
#5
There was a exploit with IE where you can run Machine code in the image when displayed to the end user.
I wouldn't call a graphical API a problem with IE.
this will be saved as this-is.php on your server, i think only works with linux web servers.
Um, you do realise PHP can be installed on pretty much anything right?
so best would be to use some number when saving file on the server side.
The best thing to do would be to prevent people from uploading web based scripts altogether. Meh... you wouldn't beleave how quickly search engines pick up on junk like r57 and c99shell. Infact, ten seconds after some chump uploads scripts like that someone else will have already gained enought privileges to overwrite everything in the web directory.
The article didnt really say how he did it, so he might of used the php method.
You may want to take another look at the link that was posted.
Last edited by The-Spec; February 19th, 2009 at 03:47 AM.
Similar Threads
-
By skiddieleet in forum Other Tutorials Forum
Replies: 4
Last Post: July 29th, 2005, 01:43 PM
-
By nebulus200 in forum Security News
Replies: 2
Last Post: July 1st, 2005, 11:24 AM
-
By Lone1337 in forum AntiOnline's General Chit Chat
Replies: 7
Last Post: August 23rd, 2002, 04:16 PM
-
By zigar in forum AntiOnline's General Chit Chat
Replies: 10
Last Post: February 22nd, 2002, 02:24 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote