Graham Anderson wrote:
How does a hacker get access to your scripts located outside the web
folder?
I asked a friend to hack my php script within the web folder...
er. why don't you *#@%*&#(%*&!@#^%(_*^#()% % er ask him.
all of my crucial function were called by:
require_once("/home/siren/includes/fonovisa.inc");
the 'encrypt' functions are MCRYPT_RIJNDAEL_256
He was able to get access to the 'fonovisa.inc' php script [outside
the web folder] and all the stuff inside
Based on my current knowledge, my security breaches are probably big
enough to drive a truck through :(
how can I prevent this ?
santize your input - make sure your webserver is secure.
don't give php files a .inc extension if you don't know what your doing.
your probably doing the equivelant of (although some what less obviously):
<?
echo get_file_contents( $_GET['anyfileyoulike'] );
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php