http://simonwillison.net/2007-12-28T23:40:57+00:00Simon Willison2007-12-28T23:40:57+00:002007-12-28T23:40:57+00:00https://simonwillison.net/2007/Dec/28/backdooring/#atom-tag

<p><strong><a href="http://lwn.net/SubscriberLink/262688/2d3182e0471e9f93/">The backdooring of SquirrelMail</a></strong></p> A SquirrelMail developer’s account was compromised and used to insert a backdoor: the other developers initially missed the hole because it used $_SERVER[’HTTP_BASE_PATH’], which can be set with a Base-Path: HTTP header. <p>Tags: <a href="https://simonwillison.net/tags/backdoor">backdoor</a>, <a href="https://simonwillison.net/tags/http">http</a>, <a href="https://simonwillison.net/tags/php">php</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/squirrelmail">squirrelmail</a></p>