Talk:Top 10 2007-Malicious File Execution

From OWASP
Revision as of 09:29, 27 August 2007 by Motoma (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

"Not only does this allow evaluation of remote hostile scripts, it can be used to access local file servers (if PHP is hosted upon Windows) due to SMB support in PHP’s file system wrappers."

This flaw can allow access to the local file servers regardless of the operating system PHP is hosted on; actively mounted shares appear as normal file system entities, accessible through standard file operations.

--Motoma 10:29, 27 August 2007 (EDT)