No uname eh? What is also interesting is that your site has no admins nor moderators. You can't even setup an author?
As for the link, its a complete directory listing. I placed it in analyzer because many times we ask folks about missing files, etc. Now with analyzer, we can look ourselves saving much time.
In the meantime, one more quick re-download of anal.tar.gz? Its release 1.89 now. This should be ready for release after another test or two.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
BillShiver Nuke Soldier
Joined: Jan 30, 2003
Posts: 34
Location: USA
Posted:
Sun Feb 02, 2003 6:43 am
I know the lack of a uname on the db is odd, but for testing purposes I do this because my server provider has to set those for me. I understand it could cause some probllems and would not do that on a working site.
In fact, I was set up as admin. The sysem told me I was "God". I went in and setup another just to be sure it worked and it did, so now there are two admins.
Thanks again, and I see that 7 is out. Don't know if I should bother with it at this point or not. What's your feeling?
Bill
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Feb 02, 2003 10:16 am
Odd for a host to disallow the samllest things, yet allow two vulnerabilties to exist? They don't even allow php.ini parsing.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
BillShiver Nuke Soldier
Joined: Jan 30, 2003
Posts: 34
Location: USA
Posted:
Sun Feb 02, 2003 10:33 am
I have no idea what php.ini parsing would be. On my very first post here I emphasized that I was a newbie and a dummy. While I have been building and hosting web sites for 9 years, its only in the past couple of months that I have been working with php and mysql. Obviously, I have lots to learn.
I have a virtual server and my provider tells me that they are working to implement new versions to address the vulnerability issues. I've been with them for 5 years and they have always been honest with me. I will ask about the parsing issue however.
I am downloading the 7 upgrade and will see how it works.
Again, I sincerely appreciate your input, suggestions, tips and assistance.
Bill
BillShiver Nuke Soldier
Joined: Jan 30, 2003
Posts: 34
Location: USA
Posted:
Sun Feb 02, 2003 12:55 pm
Thought I would let you know that I uploaded all the beta7 files and pretty much everything works now. people can add accounts, etc.
I did notice that the bug in sessions.php, lines 198 and 199 is still there. I had to add double slashes // in front of these lines and all worked.
Anyway, its seems that most problems have been cured by 7.
Thanks,
Bill
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Feb 02, 2003 1:06 pm
Parsing php.ini, being able to either call it from memory (because at run time, php.ini gets loading into memory) and deliver the details of its configuration. If unable to get it from memory, be able to actually read php.ini and via PHP's internal functions, parse it... look for configuration settings and show them.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
