Posted on November 19, 2007, 3:05 am, by James Wilson, under PHP, Security.
In php.ini, there is this:
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php [...]
Posted on June 6, 2007, 3:36 pm, by James Wilson, under Security.
A WordPress 2.2 vulnerability was posted on milw0rm recently, which allows SQL injection via xmlrpc.php.
Here is the vulnerable function:
function wp_suggestCategories($args) {
global $wpdb;
$this->escape($args);
$blog_id [...]
Posted on March 28, 2007, 6:59 pm, by James Wilson, under Coding, Security.
I brought out Acunetix to test the script that I'm writing. It's a pretty noisy web vulnerability scanner that tests for XSS, SQL Injection, server vulnerabilities, and other things that just shouldn't be around. I'm not going to reveal too much about my script, but it consists of a user system, private messaging, posting with [...]