Quote:
Originally Posted by nate
By the time they can do anything other than what your script allows them to with a writable file or directory, they already have pwned that account and can do pretty much anything (well, not counting other users that aren't in a chroot container)
2 words. SQL injection.
Also, if you set stuff to 777 and someone fucks your script into writing out a new PHP file, that causes the account to be pwned -- so before you try talking security, please get a clue first.
