<form action="phpinfo.php?_FILES[fake][tmp_name]=/etc/passwd" method="post" enctype="multipart/form-data">
Fake: <input type="text" name="_FILES[fake][tmp_name]" value="/etc/passwd"><br>
<input type="file" name="subor"><br>
<input type="submit">
</form>
$_FILES superglobal still wasn't poisoned.
Alexander Mueller wrote:
Raditha Dissanayake wrote:
This does not work with multipart/form-data; you need www-urlencoded (or just don't set an enctype attribute in your form).
What would happen in this case? The given filename would be passed to the script?!
Alexander
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
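
A defensive counterpart to the test form in this thread, as an added example that is not part of the original messages: a handler for the `subor` field that accepts a `tmp_name` only if PHP itself created it for an HTTP POST upload, so a forged path such as `/etc/passwd` is rejected even if `$_FILES` were ever poisoned. `UPLOAD_DIR` and `store_upload()` are hypothetical names, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example: handler for the "subor" file field of the test form.
// UPLOAD_DIR is a hypothetical path; adjust it for the deployment.
const UPLOAD_DIR = '/var/www/uploads';

// Returns the stored path on success, throws on anything suspicious.
function store_upload(array $files, string $field): string
{
    // The entry must exist and describe a single upload, not an array of files.
    if (!isset($files[$field]) || !is_array($files[$field])
        || !isset($files[$field]['error'], $files[$field]['tmp_name'])
        || is_array($files[$field]['error'])) {
        throw new RuntimeException('no upload in field ' . $field);
    }
    $f = $files[$field];

    if ($f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . $f['error']);
    }

    // Core check: tmp_name must be a file PHP received via HTTP POST upload.
    // A path such as /etc/passwd injected through request variables fails here.
    if (!is_string($f['tmp_name']) || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('tmp_name is not an uploaded file');
    }

    // Never reuse the client-supplied name as a path; generate our own.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.upload';

    // move_uploaded_file() repeats the is_uploaded_file() check before moving.
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload');
    }
    return $dest;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $path = store_upload($_FILES, 'subor');
        echo 'stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```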