Public
- Public
- Groups
- Media
- Popular

Conversation

Notices

Dale Cooper

@redenchilada even if I know, I have for policy of always asking and receiving advices. So if you can give me your thoughts, I will take them with great pleasure and recognition :)

Sunday, 28-Jul-13 01:50:08 UTC from web
1. RedEnchilada (notice the lack of a space)
  
  @dalecooper The method I used was editing php.ini and setting cgi.fix_pathinfo=0; it means it'll error out if the exact requested file isn't found. Otherwise they could do /uploaded_file.txt/blah.php and execute PHP code included in the text file. Just check http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP real quick.
  
  Sunday, 28-Jul-13 01:53:40 UTC from web

Feeds

Rainbow Dash Network is a microblogging service brought to you by Cerulean Spark. It runs the StatusNet microblogging software, version 1.0.1, available under the GNU Affero General Public License.

Content and data of Rainbow Dash Network are private and confidential.

Content and data copyright by Rainbow Dash Network. All rights reserved.

Switch to mobile site layout.