Charles Stuart wrote:
A student run server on my old campus used to turn off PHP for security
reasons - ridiculous.
Would it be possible to use XSS to call curl from a remote site? I'm
just a beginner so that may or not make sense.
I'm not really a beginner but I don't know if that makes sense either :-S
I'm pretty sure the answer is no.
Indeed it does seem like JS is the solution - unfortunately - as it
workaround, not solution. a new host would be a solution,
one that means you don't have to waste time coding around completely
crazy setups.
seems like their 'trap' catches any string including CURL U before I
seems like a total bogus filter. exactly what makes 'CURL U' so evil when
passed to a php/cgi script anyway?
can str_replace the string after gathering the input with _POST. Anyone
disagree?
well you could check out something like:
<?
$putdata = fopen( "php://input" , "rb" );
while(!feof( $putdata ))
echo fread($putdata, 4096 );
fclose($putdata);
?>
or
<?
echo file_get_contents('php://input');
?>
or
<?
echo $HTTP_RAW_POST_DATA;
?>
best,
Charles
On Oct 10, 2005, at 3:12 PM, Rory Browne wrote:
I'm not completely sure, but I think they're talking shite. If curl is
I think I can smell it here too.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
