Hello,
suppose there is a file at http://otherhost.com/remote.php that looks
like this:
?php
if (!isset($safe_flag))
{
die(hacking attempt);
}
echo You are in;
?
Suppose i executed the following php file at http://myhost.com/local.php
?php
require_once(http://otherhost.com/remote.php;);
2009/1/7 Daniel Kolbo kolb0...@umn.edu:
suppose there is a file at http://otherhost.com/remote.php that looks like
this:
?php
if (!isset($safe_flag))
{
die(hacking attempt);
}
echo You are in;
?
Suppose i executed the following php file at http://myhost.com/local.php
?php
If register_globals is on (ewww!) at otherhost.com, then ?safe_flag on the
URL will get in.
This is one of the reasons why register_globals should be OFF.
NOTE:
The code you gave does not describe the circumstances whereby $safe_flag is
set. There could be all manner of other issues
c...@l-i-e.com wrote:
If register_globals is on (ewww!) at otherhost.com, then ?safe_flag on the
URL will get in.
This is one of the reasons why register_globals should be OFF.
NOTE:
The code you gave does not describe the circumstances whereby $safe_flag is
set. There could be all manner
4 matches
Mail list logo