Do you read monthly bug reports? I never did, and don't think I ever will, cause I don't see a point - you just need to watch for DaveN's blog :)
As he discovered phpinfo() has an XSS vulnerability (PHP 4.3.3 - 4.3.6 are affected) so you can pass the link(s) as a parameter to any phpinfo() page and it will show it on the page. Well, there are a lot of phpinfo pages availble on the net, and a lot of them even have PR>3
I bet BlackHat SEOs soon will start sponsoring developers to make backdoors like that open.
Or did it already happen ? :)
Take care,
Alex
Подписаться на:
Комментарии к сообщению (Atom)
Комментариев нет:
Отправить комментарий