- 2-4 cross-site scripting (always check users' input)
- 5-4 code injection (allow_url_fopen + include)
http://technosailor.com/2005/02/02/lessons-in-web-security-php-and-remote-file-execution/
http://zakariarouf.wordpress.com/2007/12/05/url-injection-hacking-website-taking-control-php/
http://venetsian.com/php-web-hosting-security-allow_url_fopen/