1 May 2007, 09:47
John D Lamb wrote:
> On Fri, 2007-04-27 at 17:26 -0400, Cristian Rodriguez R. wrote:
>> John D Lamb wrote:
>>> <form method="post" action="<?php echo $SEVER['PHP_SELF']; ?>">
>> Sure, and then you get a free security hole.
> Oops. I should have copied this instead of assuming I wouldn't make two errors in a single line of code.

Don't worry too much, this specific bug is present in a lot of applications, even in a well-known PHP security guide that is widely used as a good programming reference. See my blog post http://blog.flyspray.org/archives/7-Amusing-security-hole-in-Shifletts-secur...
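
Added example, not part of the thread or either poster's code: the form tag from the quoted line (with the variable name spelled `$_SERVER`) rendered unescaped, escaped for the attribute context, and built from `SCRIPT_NAME` instead. The function names, the `/contact.php` path and the sample server values are constructed for illustration.

```php
<?php
// Added example, not from the thread. Run from the CLI: php form_action.php
// $_SERVER['PHP_SELF'] includes any extra path info the client appends to the
// script URL, so it is request-controlled data, not a constant.

/** Escape a value for use inside a double-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The pattern from the thread: the value is echoed into the page unescaped. */
function form_unescaped(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

/** Hardened: same value, escaped for the attribute context. */
function form_escaped(array $server): string
{
    return '<form method="post" action="' . attr($server['PHP_SELF']) . '">';
}

/** Alternative: SCRIPT_NAME omits the trailing path info; still escape it. */
function form_script_name(array $server): string
{
    return '<form method="post" action="' . attr($server['SCRIPT_NAME']) . '">';
}

// Constructed sample: the server variables as they look when a request
// carries extra path info with markup characters after the script name.
$sample = [
    'PHP_SELF'    => '/contact.php/"><b>constructed</b>',
    'SCRIPT_NAME' => '/contact.php',
];

foreach (['form_unescaped', 'form_escaped', 'form_script_name'] as $fn) {
    $html = $fn($sample);
    // A safe result contains exactly one tag: the <form ...> we wrote ourselves.
    $tags = preg_match_all('/<[a-z\/]/i', $html);
    printf("%-17s tags=%d  %s\n", $fn, $tags, $html);
}
```

A tag count above one in the output means request data closed the `action` attribute and was parsed as markup.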