I wonder though, if they're on a the same server but different sites. Like a shared host environment. Aw the things the bewilder the mind.
Nate "Bryan Lipscy" <[EMAIL PROTECTED]> wrote in message 000001c2d710$81a68e20$6301a8c0@ukiuki">news:000001c2d710$81a68e20$6301a8c0@ukiuki... > That is called Cross-Site Scripting (XSS). > I have not been able to get access to the variables via an XSS exploit. > It appears that Apache renders the php code before sending off the > requesting include function. > > I also like the .htaccess way of preventing user access to the scripts. > This is also worthy of further investigation. > > Bryan > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php