[LAC] security - hosting audi pictures with phpix?
Henry A Harper III
hah at alumni.rice.edu
Tue Feb 17 15:54:33 EST 2004
Haudi,
I know I have seen some pictures of intercoolers and stuff via phpix on
listers' sites. I was recently "made aware" of the following vulnerability:
http://www.securitytracker.com/alerts/2004/Jan/1008782.html
which allowed the intruder to start a chat and ftp server on my Linux box...too
bad (for *them*) about the hardware firewall which wasn't allowing any incoming
connections.
If you've already done a security audit on all the code on your computer that
you didn't write, feel free to disregard :) - otherwise you might want to throw
a little regex filter on the phpix (and anything else while you are at it)
input parameters. I can supply example code if needed.
HTH
Henry Harper
http://www.henry-harper.com hah at alumni.rice.edu
1991 200 quattro, 120k
1988 GTI 16v, 239k
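
An added example, not part of the original post and not phpix's own code: one way to put the kind of regex filter suggested above in front of a PHP gallery script, as an allowlist applied to every request parameter before the script uses it. The parameter names and patterns are assumptions chosen for illustration, and the sample requests are constructed.

```php
<?php
// Hypothetical parameter names; adjust to what the script actually reads.
// Every pattern is anchored with \A and \z so the whole value must match.
const PARAM_RULES = [
    'mode'     => '/\A[a-z]{1,16}\z/',                              // short keyword
    'album'    => '/\A[A-Za-z0-9_\-]+(?:\/[A-Za-z0-9_\-]+)*\z/',    // relative path, no dots
    'picture'  => '/\A[A-Za-z0-9_\-]+\.(?:jpe?g|png|gif)\z/i',      // plain image file name
    'dispsize' => '/\A[0-9]{1,4}\z/',
    'start'    => '/\A[0-9]{1,6}\z/',
];

// Return the parameters unchanged if all are known and well-formed;
// throw on anything else instead of trying to "clean" it.
function filter_params(array $input, array $rules = PARAM_RULES): array
{
    $clean = [];
    foreach ($input as $name => $value) {
        if (!is_string($name) || !isset($rules[$name])) {
            throw new InvalidArgumentException('unexpected parameter');
        }
        // Arrays (?album[]=x), oversized values and pattern misses are all rejected.
        if (!is_string($value) || strlen($value) > 255
            || preg_match($rules[$name], $value) !== 1) {
            throw new InvalidArgumentException("rejected value for parameter: $name");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Constructed sample requests: one well-formed, three that must be refused.
$samples = [
    ['mode' => 'album', 'album' => 'intercooler/install', 'dispsize' => '640'],
    ['mode' => 'album', 'album' => 'pics;x'],     // character outside the allowlist
    ['mode' => 'album', 'album' => '../up'],      // dots are not allowed in album
    ['mode' => 'album', 'album' => ['x']],        // array instead of string
];
foreach ($samples as $query) {
    try {
        filter_params($query);
        echo 'accept ', json_encode($query), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'reject ', json_encode($query), ' (', $e->getMessage(), ")\n";
    }
}
// In the real entry point: call filter_params($_GET) first and answer
// HTTP 400 on the exception, before any gallery code runs.
```

Rejecting on the first unknown or malformed parameter, rather than stripping characters, keeps the filter independent of how the script later uses the value.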