4.2.2 Security Hole


Post by Jeremy » 2006-05-02 07:33 pm

If you are running Aardvark Topsites PHP 4.2.2 on a server with PHP's register_globals enabled, there is a serious security hole that is currently being exploited on some websites.

Aardvark Topsites PHP 5 is not affected by this bug.

To see if your server has register_globals enabled, create a file named phpinfo.php with these contents:
<?php
phpinfo();
?>

Upload it to your topsites folder and go to it in your browser. Look for the table row for register_globals. If the first column says "Off", then you are fine. If it says "On", then you are affected.

To remedy this problem, it is recommended that you upgrade to the latest version and/or disable register_globals on your server.

If that is not an option, then create a file named .htaccess with these contents:
php_value register_globals Off

Upload it to your topsites folder. Then check phpinfo.php to confirm that register_globals is disabled.
Jeremy
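
A narrower check than phpinfo.php, as an added example that is not part of the original post or of Aardvark Topsites: it reports only the register_globals value in effect for the folder and the server-wide default, so the .htaccess override can be confirmed without publishing the full PHP configuration. The file name rgcheck.php and the function names are hypothetical.

```php
<?php
// rgcheck.php (hypothetical name): added example, not code from the original post.
// Written for old PHP on purpose: register_globals only exists before PHP 5.4.

// Approximates PHP's ini boolean parsing: on/yes/true or a non-zero number.
function ini_is_on($value)
{
    $v = strtolower(trim((string) $value));
    return in_array($v, array('on', 'yes', 'true'), true) || (int) $v !== 0;
}

// Takes the array returned by ini_get_all() and returns the state
// ('absent', 'on' or 'off') with the local (per-folder) and master values.
function register_globals_status($all)
{
    if (!isset($all['register_globals'])) {
        return array('state' => 'absent', 'local' => null, 'master' => null);
    }
    $entry = $all['register_globals'];
    $local = ini_is_on($entry['local_value']);
    return array(
        'state'  => $local ? 'on' : 'off',
        'local'  => $local,
        'master' => ini_is_on($entry['global_value']),
    );
}

$status = register_globals_status(ini_get_all());
header('Content-Type: text/plain');
if ($status['state'] === 'absent') {
    echo "register_globals: not present in this PHP build (removed in PHP 5.4)\n";
} elseif ($status['state'] === 'on') {
    echo "register_globals: ON for this folder - affected\n";
} else {
    echo "register_globals: off for this folder\n";
    if ($status['master']) {
        // The folder is protected only by the per-folder override.
        echo "server-wide default is still On; the override is what protects this folder\n";
    }
}
```

Delete the check file, and phpinfo.php, once the setting is confirmed, since both disclose server configuration to anyone who requests them.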