Hi Terrence,
yes, is the same as using a .htaccess, the difference is that having
many .htaccess
files makes your apache server a little litle more slow.
Just write this in bin/.htaccess Order deny,allow Deny from all
BTW, I just tested the exploit and it does not work when having the safe_mode and open_basedir options enabled in php.
HTH Oliver
Also, I noticed this comment in Oliver's quote of the exploit:
(but you could do the same
uploading some file in /data/media folder through /lib/exe/media.php...,
I choosed the first solution)
Would there be a similar .htaccess for this? (In other words, where would it be put?)
-- Oliver Schulze L. Get my e-mail after a captcha test in: http://tinymailto.com/oliver
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist