Example of a Local File Inclusion + Shell Demonstration to show you how an attacker would be able to remote code execution. It is a very serious vulnerability best thing to do is turn off the following if there not being used.
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
allow_url_fopen = Off
Would be a good ideal to make sure that
expose_php = On
is set to
expose_php = Off
that why the attacker has no idea what version of php your running.
No comments:
Post a Comment