PHP is a powerful server-side scripting language for creating dynamic and interactive websites.
PHP is the widely-used, free, and efficient alternative to competitors such as Microsoft's ASP. PHP is perfectly suited for Web development and can be embedded directly into the HTML code.
The PHP syntax is very similar to Perl and C. PHP is often used together with Apache (web server) on various operating systems. It also supports ISAPI and can be used with Microsoft's IIS on Windows.

Monday, July 7, 2008

Research and Markets: PHP and MySQL: Create-Modify-Reuse

Research and Markets ( has announced the addition of the "PHP and MySQL: Create-Modify-Reuse" report to their offering.

- Step-by-step instructions walk readers through real-world applications

- Packed with ready-to-use projects for PHP and MySQL, this book guides readers through several real-world projects that are complete, tested, and ready to be implemented, so that readers can learn by doing

- Clearly explains to readers all aspects of design, such as portability, design flow, and integration, and shows them how to properly secure their applications for real-world implementation

- Authored by a PHP expert who is in tune with common tasks and the various problems faced by developers in everyday circumstances

- Application topics include user management, Web forums, and an image gallery

- Although PHP and MySQL can each be used independently, when they are used together, they open up dynamic options for Web site development

Key Topics Covered:

- User Registration.

- Community Forum.

- Mailing List.

- Search Engine.

- Personal Calendar.

- Ajax File Manager.

- Online Photo Album.

- Shopping Cart.

fuzzylime (cms) rss.php Local File Inclusion Vulnerability

Ams has discovered a vulnerability in fuzzylime, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "p" parameter in rss.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

NOTE: The vulnerability can be exploited to execute arbitrary PHP code by including the code/content.php script.

The vulnerability is confirmed in version 3.01a. Other versions may also be affected.