[Lazarus] Lazarus Forum seems to be hacked!

patspiper patspiper at yahoo.com
Fri Jan 29 20:18:59 CET 2010

waldo kitty wrote:
> my point that i just tried to make in a (very) recent post is that 
> this type of c4rp would not happen if the vars passed in the GET and 
> POST were properly sanitized ;)
> FWIW: it doesn't matter which shellcode was used as long as any 
> shellcode can be pulled from a remote site via an unsanitized var...
It is not only a matter of sanitizing GET and POST vars. The php shell 
could be uploaded as an avatar (an image) and executed if no proper 
safeguards are taken to prevent that. And this is just one example of 

More information about the Lazarus mailing list