[pmwiki-users] action=upload hacked ???

Dominique Faure dominique.faure at gmail.com
Fri May 4 15:47:41 CDT 2007


On 5/4/07, Christophe David <pmwiki at christophedavid.org> wrote:
>
> > Is the root directory of the field writable?  If so, it shouldn't be.
>
>
> It is indeed.  Will change that.
>
>
> > That still doesn't explain where the files are coming from,
> > but I suspect it's not as a result of the uploads capability.
> >
> > >    I would appreciate it if someone would report a similar experience and
> > >    share his findings, or suggest a particular cookbook or combination of
> > >    settings that would allow the creation of these files.
> >
> > Perhaps you could help us narrow things down by letting us know
> > what recipes and/or settings you're using...?
>
>
> Here we go...
>
> ActionLog.php
> authuser.php
> charts.php
> emenu.php
> enablehtml.php
> e-protect.php
> expirediff.php
> FlashMindMap.php
> includeSite.php
> pmwiki2pdf.php
> postitnotes.php
> rssdisplay.php
> searchterms.php
> sourceblock.php
> stylepage.php
> VisitorsLogging.php
>
>
> Unfortunately, the accesslog retention period is such that I missed the
> lines for the moment these files were created.
>

FWIW, you can customize ActionLog using both of these parameters:
* $ActionLogLinesMax = NUMBER, to specify a maximum per-page log line count.
* $ActionLogArchive = 1, to archive previous logs when the line max count has been reached instead of throwing them away.
Archived pages are named as ActionLog-TIMESTAMP by default.

Hope this could help,
Dominique


