PHP injection vulnerability?

Posted: 27 Dec 2007 (19:04 UTC)
Is there any workaround for the recently discovered PHP injection
vulnerability reported here?

Re: PHP injection vulnerability?

Posted: 28 Dec 2007 (08:16 UTC)
I read, "if comments are allowed, attackers can use this url /wiki/index.php?page_id=1#editcomments to POST evil scripts and PHP code into the page" - really? I thought HTMLPurifier takes care of this, which has been around since long before version 2?

The other thing, "White Screen of Death: (SQL Injection) - Critical information is listed on this page when you inject evil code" ... you can prevent that by setting IS_LIVE to true in kernel/config_inc.php for live servers.
