[Pdx-pm] [csieh at fnal.gov: Re: Horribly Broken RHEL5/SL5 Perl]
Daniel Johnson
teknotus at gmail.com
Tue Aug 26 15:05:33 PDT 2008
> (And now I'm just more thankful that I do not deal with PHP... no
> wonder so many PHP sites are exploited)
Actually PHP is much worse.
In PHP 4, and earlier the default is...
http://example.com?foo=bar
effectively does
my foo = bar;
in package main
Combined with other PHP options you can read/write/execute all kinds of stuff.
More information about the Pdx-pm-list
mailing list