And the winner is.......

Started by iago, December 04, 2005, 07:46:23 PM

iago

Quote from: Sidoh on December 04, 2005, 10:25:25 PM
Quote from: iago on December 04, 2005, 10:23:04 PM
No no, you misunderstand.

www.javaop.com/~iago/test.php.anything

Never mind the warning, I used my Rabbit-friendly program to test :)

Oh, hahaha.

That's actually pretty nice to know.  Upload scripts should always have a list of allowed extensions, not a list of banned ones.

http://sidoh.org/test.php.iz3nything

A list of allowed extensions can be circumvented in this case.  For example, if programming languages were allowed, they could have uploaded:
http://www.javaop.com/~iago/test.php.c
http://www.javaop.com/~iago/test.php.java
http://www.javaop.com/~iago/test.php.cpp

That would not have been cool.  You have to either:
a) rename the file completely
b) remove php from the inside, which leaves me wondering what else can be run like that..

I wonder if this is widely known, or if I should bring this up on a mailing list...

Sidoh

Quote from: iago on December 04, 2005, 11:02:36 PM
A list of allowed extensions can be circumvented in this case.  For example, if programming languages were allowed, they could have uploaded:
http://www.javaop.com/~iago/test.php.c
http://www.javaop.com/~iago/test.php.java
http://www.javaop.com/~iago/test.php.cpp

That would not have been cool.  You have to either:
a) rename the file completely
b) remove php from the inside, which leaves me wondering what else can be run like that..

I wonder if this is widely known, or if I should bring this up on a mailing list...

I don't know, but that should not be the default setting of Apache by any means.

I found another one:

.sql

iago

Quote from: Sidoh on December 04, 2005, 11:09:03 PM
Quote from: iago on December 04, 2005, 11:02:36 PM
A list of allowed extensions can be circumvented in this case.  For example, if programming languages were allowed, they could have uploaded:
http://www.javaop.com/~iago/test.php.c
http://www.javaop.com/~iago/test.php.java
http://www.javaop.com/~iago/test.php.cpp

That would not have been cool.  You have to either:
a) rename the file completely
b) remove php from the inside, which leaves me wondering what else can be run like that..

I wonder if this is widely known, or if I should bring this up on a mailing list...

I don't know, but that should not be the default setting of Apache by any means.

I found another one:

.sql

.rar, too.  There's a lot of them...

Sidoh

Quote from: iago on December 04, 2005, 11:18:38 PM
.rar, too.  There's a lot of them...

I guess the safest thing to do is to determine the real extension of the file, then rename it accordingly.  That's what my upload script does.  I bypassed an exploit without even knowing it!
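Added example, not code from this thread or from anyone's upload script: the Python below models what iago's test.php.anything demonstrates (Apache's mod_mime treats every dot-separated segment after the first as an extension, so a handler bound to .php fires wherever .php appears in the name) and puts the two naive checks iago describes next to a strict single-extension check and the rename-to-a-server-chosen-name approach Sidoh mentions. The handler list, the allowlist, the function names and the sample filenames are constructed assumptions; the two Apache directives in the docstring are standard mod_mime/core syntax and show why a trailing-match FilesMatch rule is the server-side counterpart of the strict check.

```python
"""Model of Apache mod_mime multiple-extension handling and upload-name checks.

Constructed example. The extension sets below are assumptions standing in for
a vhost configured the classic way:

    AddHandler application/x-httpd-php .php      # any ".php" segment selects PHP

versus the hardened form that only matches a trailing .php:

    <FilesMatch "\\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
"""
import os
import re
import secrets

# Assumed handler-mapped extensions (what AddHandler/AddType covers on this host).
PHP_HANDLER_EXTENSIONS = {"php", "phtml", "php3"}
# Constructed allowlist, using the extensions mentioned in the thread.
ALLOWED_EXTENSIONS = {"c", "java", "cpp", "sql", "rar", "txt"}


def mod_mime_extensions(filename: str) -> list[str]:
    """Extensions as mod_mime sees them: every dot-separated segment after the first."""
    base = os.path.basename(filename)
    return [seg.lower() for seg in base.split(".")[1:] if seg]


def apache_runs_as_php(filename: str) -> bool:
    """True if an AddHandler-style config hands this file to PHP, wherever '.php' sits."""
    return any(ext in PHP_HANDLER_EXTENSIONS for ext in mod_mime_extensions(filename))


def filesmatch_runs_as_php(filename: str) -> bool:
    """The <FilesMatch "\\.php$"> form: only a trailing .php selects the handler."""
    return re.search(r"\.php$", os.path.basename(filename), re.IGNORECASE) is not None


def naive_denylist_check(filename: str) -> bool:
    """The check iago's test bypassed: compare only the last extension to a ban list."""
    return filename.rsplit(".", 1)[-1].lower() not in PHP_HANDLER_EXTENSIONS


def naive_allowlist_check(filename: str) -> bool:
    """Allowlist on the last extension only; test.php.c still passes."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_EXTENSIONS


def strict_check(filename: str) -> bool:
    """Accept only '<stem>.<ext>': exactly one dot, non-empty stem, allowlisted ext."""
    stem, sep, ext = os.path.basename(filename).partition(".")
    return bool(stem) and sep == "." and "." not in ext and ext.lower() in ALLOWED_EXTENSIONS


def stored_name(detected_ext: str) -> str:
    """Rename approach: discard the client-supplied name, keep one validated extension."""
    ext = detected_ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {detected_ext!r}")
    return f"{secrets.token_hex(8)}.{ext}"


if __name__ == "__main__":
    for name in ("test.php.anything", "test.php.c", "test.c", "test.php"):
        print(f"{name:18} addhandler_php={apache_runs_as_php(name)!s:5} "
              f"filesmatch_php={filesmatch_runs_as_php(name)!s:5} "
              f"denylist_ok={naive_denylist_check(name)!s:5} "
              f"allowlist_ok={naive_allowlist_check(name)!s:5} "
              f"strict_ok={strict_check(name)}")
    print("stored as:", stored_name("c"))
```

Running it shows test.php.anything and test.php.c passing both naive checks while apache_runs_as_php still reports True for them; only strict_check rejects them, and stored_name sidesteps the problem entirely by never reusing the uploaded name. The FilesMatch form is worth applying on the server as well, since the upload script is not the only way a multi-extension file can end up under the document root.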

Quik

Quote from: Scr33n0r on December 04, 2005, 10:46:43 PM
Quote from: Quik on December 04, 2005, 10:42:55 PM
Quote from: Scr33n0r on December 04, 2005, 10:36:47 PM
Quote from: iago on December 04, 2005, 09:51:05 PM
Quote from: Ergot on December 04, 2005, 09:22:34 PM
What was "hacked"? I was cleaning gutters :/ ? I never noticed a change before 1:15 (when I started)

I replaced the forum with a textfile saying, "pwned fags"
Oh that was you? Here I was thinking Hitmen came back and did it again.

Sounds like you missed it, so here it is again: Hitman cannot gain unauthorized access to any remote computers. He never had a part in this except being used as a scapegoat and playing along.
Ok, so technically by what you're saying, he took part in it, however, didn't actually hack the forum. (?)

There was no hacking of the forum, and Hitmen didn't take part in it. It was a joke (see the current news) and Hitmen was just informed, he didn't do anything except watch.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Hitmen

Quote from: Quik on December 04, 2005, 11:29:08 PM
Quote from: Scr33n0r on December 04, 2005, 10:46:43 PM
Quote from: Quik on December 04, 2005, 10:42:55 PM
Quote from: Scr33n0r on December 04, 2005, 10:36:47 PM
Quote from: iago on December 04, 2005, 09:51:05 PM
Quote from: Ergot on December 04, 2005, 09:22:34 PM
What was "hacked"? I was cleaning gutters :/ ? I never noticed a change before 1:15 (when I started)

I replaced the forum with a textfile saying, "pwned fags"
Oh that was you? Here I was thinking Hitmen came back and did it again.

Sounds like you missed it, so here it is again: Hitman cannot gain unauthorized access to any remote computers. He never had a part in this except being used as a scapegoat and playing along.
Ok, so technically by what you're saying, he took part in it, however, didn't actually hack the forum. (?)

There was no hacking of the forum, and Hitmen didn't take part in it. It was a joke (see the current news) and Hitmen was just informed, he didn't do anything except watch.
I wasn't 'informed', I just happened to figure it out and people didn't want me ruining it.  I'm rather good at analyzing people's writing and can usually tell when someone who I've talked to a lot online isn't telling the truth, because the writing just doesn't look like how the person normally writes. iago in particular I picked up on easy and he could tell I did and made me shut up so I didn't ruin it. Newby's was also easy to tell, but I don't really know myndfyre so couldn't tell there or not. And lies!!!! I did take part. Blaming it on me was my idea, since I knew I was the only one who knew, other than the leader people.
Quote
(22:15:39) Newby: it hurts to swallow

iago

Quote from: Hitmen on December 04, 2005, 11:41:06 PM
I wasn't 'informed', I just happened to figure it out and people didn't want me ruining it.  I'm rather good at analyzing people's writing and can usually tell when someone who I've talked to a lot online isn't telling the truth, because the writing just doesn't look like how the person normally writes. iago in particular I picked up on easy and he could tell I did and made me shut up so I didn't ruin it. Newby's was also easy to tell, but I don't really know myndfyre so couldn't tell there or not. And lies!!!! I did take part. Blaming it on me was my idea, since I knew I was the only one who knew, other than the leader people.

Hitmen has no problem seeing through any of my lies, me and him BS together too much :)

Furious

What do I win? Yeah, I was the first one, shows how much of a life I LACK.
Quote
[23:04:34] <deadly7[x86]> Newby[x86]
[23:04:35] <deadly7[x86]> YOU ARE AN EMO
[23:04:39] <Newby[x86]> shush it woman

Quote
[17:53:31] InsaneJoey[e2] was banned by x86 (GO EAT A BAG OF FUCK ASSHOLE (randomban)).

Quote from: Ergot
Put it this way Joe... you're on my Buddy List... if there's no one else on and you're the only one, I'd rather talk to myself.

rabbit

Notice: Use of undefined constant friendly - assumed 'friendly' in /www/hosts/iago.no-ip.com/web/test.php.anything on line 2

I told you, iago.  It had to assume that the friendly constant had a value of "friendly".

Sidoh

Quote from: rabbit on December 05, 2005, 05:00:43 PM
Notice: Use of undefined constant friendly - assumed 'friendly' in /www/hosts/iago.no-ip.com/web/test.php.anything on line 2

I told you, iago.  It had to assume that the friendly constant had a value of "friendly".

No, it assumed that it was a string instead. :]

iago

Quote from: rabbit on December 05, 2005, 05:00:43 PM
Notice: Use of undefined constant friendly - assumed 'friendly' in /www/hosts/iago.no-ip.com/web/test.php.anything on line 2

I told you, iago.  It had to assume that the friendly constant had a value of "friendly".

Notice the next line, the one about iago being right?