From: Nikolajus Krauklis (nikolajus@avc.lt)
Date: Fri Mar 15 2002 - 03:21:48 CST
Hello,
in lithuania we have PHP mailing list with mailman.
With hypermail i making nice looking and usefull mailing list archive, but
in this archyve where are some vulnarabilities. For example in that server
there are PHP, so someone can send to mailing list *.php file and after
making archive all user can get this *.php file throught web mailing list
archive.
My mailing list archive reindexing every night, so every night i'm in
dangerous
situation. This .php on my server people can in simple drop database
and so on...
how to solve it. Before sending attachment to user browser, send special
header. So .php file will be not exacutable, but saveble :)
Thanks.
----------------------------------------
Nikolajus Krauklis