News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Christopher Kunz's Blog:
Hardened-PHP Advisory 22/2005 - phpSysInfo
November 14, 2005 @ 05:28:03

From This note on Christopher Kunz's blog today, there's a mention of the "Multiple vulnerabilities in phpSysInfo" that the Hardened-PHP Group posted yesterday on their site.

phpSysInfo is a PHP script that displays information about the host being accessed. It will displays things like Uptime, CPU, Memory, SCSI, IDE, PCI, Ethernet, Floppy, and Video Information.

A number of holes - all of them attributed to a rather crude (and unneeded) register_globals emulation - allow for arbitrary file inclusion, amongst other things.

I know that phpSysInfo is pretty widely spread (I know I used to use it pretty heavily), so this kind of thing could cause some pretty massive problems. To take care of the problem, you can check out the extended description for more information...

0 comments voice your opinion now!
security advisory phpsysinfo security advisory phpsysinfo


blog comments powered by Disqus

Similar Posts

Christian Wenz's Blog: SANS Top-20 Internet Security Attack Targets (2006 Annual Update)

Ivo Jansch\'s Blog: How a PHP notice revealed a quirk of Norton Internet Security

Symfony Blog: New symfony security policy

PHPClasses.org: Lately in PHP Podcast #48 - To TDD or Not TDD?

Community News: PHP 5.2.1 Released


Community Events

Don't see your event here?
Let us know!


introduction library wordpress unittest community framework podcast laravel5 extension series release api threedevsandamaybe voicesoftheelephpant interview development laravel feature language opinion

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework