> <snip> > file.php?file=inc.foobar.php > ------------------------- > include("include/$file"); > </snip>
That doesn't fix anything... file.php?file=../../../etc/passwd Just a matter of a few tries to see how many directories you have to go up... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php