tag:blogger.com,1999:blog-732257695511948254.post3893780502606221382..comments2009-12-10T08:01:38.621-08:00Claudio Criscionehttp://www.blogger.com/profile/12202628660778574382noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-732257695511948254.post-21245853575755347412009-12-10T08:01:38.621-08:002009-12-10T08:01:38.621-08:00Certain web servers will process code in files with certain extensions this list doesn&#39;t include.<br /><br />PHP:<br />.ph3<br />.ph4<br />.pht<br /><br />SSI:<br />.shtml<br /><br />I believe this NOT to be a comprehensive list, either. This is a perfect example of why you must whitelist, not blacklist.<br /><br />(Nice find, btw ;D)Dan Crowleyhttp://www.blogger.com/profile/01153564415918026524noreply@blogger.com