Security matters, specially for PHP-Magazine, some source code publicly accessible!


PHP-Magazine has fixed this secutrity leak, it is not possible to read any source code. This posting ist not up to date anymore

------------------------------------------------------
It is not an April joke! I read frequently PHP-Magazine (http://php-mag.net http://php-mag.de), Yesterday I discovered some interesting things, because I was able, to read some source code and they are still publicly available. I don’t want to write, how I could read the source code, because there are always some people out side, who want play with it. Very important, they have register_globals on. I hope, they fix it as soon as possible.

I found out, that they use the Powerslave content management system, and they have installed it in this directory. /var/httpd/powerslave. As I surfed to site of the company, who has written Powerslave, I found out, that many sites in Germany use this content management system. I hope, they fix it, as soon as possible.

To all user of the Powerslave, try to get a new version, or a patch, or ask me for a quick solution.

add new comment | read more

Reply

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

Datenschutz | Impressum