[Pdx-pm] [csieh at fnal.gov: Re: Horribly Broken RHEL5/SL5 Perl]

Daniel Johnson teknotus at gmail.com
Tue Aug 26 15:05:33 PDT 2008


> (And now I'm just more thankful that I do not deal with PHP... no
> wonder so many PHP sites are exploited)

Actually PHP is much worse.

In PHP 4, and earlier the default is...

http://example.com?foo=bar

effectively does
my foo = bar;
in package main

Combined with other PHP options you can read/write/execute all kinds of stuff.


More information about the Pdx-pm-list mailing list