[Lazarus] Lazarus Forum seems to be hacked!
patspiper
patspiper at yahoo.com
Fri Jan 29 20:18:59 CET 2010
waldo kitty wrote:
> my point that i just tried to make in a (very) recent post is that
> this type of c4rp would not happen if the vars passed in the GET and
> POST were properly sanitized ;)
>
> FWIW: it doesn't matter which shellcode was used as long as any
> shellcode can be pulled from a remote site via an unsanitized var...
It is not only a matter of sanitizing GET and POST vars. The PHP shell
could be uploaded as an avatar (an image) and executed if no proper
safeguards are taken to prevent that. And this is just one example of
vulnerabilities.
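
The avatar safeguards mentioned above, as an added example that is not part of the original message or of the forum's code. It assumes PHP 7+ with the GD extension; `store_avatar`, the size limits and the directory argument are hypothetical names chosen here.

```php
<?php
// Added example: hypothetical helper, not the forum software's own code.
// Safeguards so an uploaded "avatar" can never be run as PHP:
//   1. decide the type from the file content, never from the client's name or MIME type
//   2. re-encode the pixels, which drops data embedded in or appended to the file
//   3. store under a server-generated name with a fixed, non-script extension

const AVATAR_MAX_BYTES = 262144; // assumed limit: 256 KiB
const AVATAR_MAX_SIDE  = 512;    // assumed limit: 512 px per side

function store_avatar(array $upload, string $avatarDir): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($upload['size'] > AVATAR_MAX_BYTES) {
        throw new RuntimeException('avatar too large');
    }

    // $upload['name'] and $upload['type'] are client-supplied and deliberately unused.
    $info = @getimagesize($upload['tmp_name']);
    $allowed = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        throw new RuntimeException('not a PNG, JPEG or GIF image');
    }
    if ($info[0] > AVATAR_MAX_SIDE || $info[1] > AVATAR_MAX_SIDE) {
        throw new RuntimeException('avatar dimensions too large');
    }

    // Decode with GD and write a fresh PNG instead of moving the original bytes.
    $img = @imagecreatefromstring(file_get_contents($upload['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // Server-chosen name: the uploader controls neither the path nor the extension.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, rtrim($avatarDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not write avatar');
    }
    return $name;
}
```

The avatar directory should also be served as static files only, with PHP execution disabled for it in the web server configuration, so that a file which slips past these checks is still never interpreted.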