Re: Using 'header' as redirect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Philip Thompson" <prthomp@xxxxxxxx>
Subject: Re: Using 'header' as redirect
From: "Martin Alterisio" <malterisio777@xxxxxxxxx>
Date: Tue, 30 May 2006 13:27:15 -0300
Cc: "php General List" <php-general@xxxxxxxxxxxxx>
In-reply-to: <DF72BC50-55FF-42FA-A13D-8453555942AD@xxxxxxxx>
List-help: <mailto:php-general-help@lists.php.net>
List-post: <mailto:php-general@lists.php.net>
List-unsubscribe: <mailto:php-general-unsubscribe@lists.php.net>
References: <DF72BC50-55FF-42FA-A13D-8453555942AD@xxxxxxxx>

2006/5/30, Philip Thompson <prthomp@xxxxxxxx>:


<?
if ($subPage = $_GET['page'])
   include ("$subPage");
?>


Are you checking what the user is sending inside $_GET['page']? If not, your
system is vulnerable to a remote file injection.

Follow-Ups:
- Re: Using 'header' as redirect
  - From: Philip Thompson

References:
- Using 'header' as redirect
  - From: Philip Thompson

Prev by Date: Re: how include works?
Next by Date: Re: Using 'header' as redirect
Previous by thread: Using 'header' as redirect
Next by thread: Re: Using 'header' as redirect
Index(es):
- Date
- Thread

[Index of Archives] [PHP Home] [Apache Users] [PHP on Windows] [Kernel Newbies] [PHP Install] [PHP Classes] [Pear] [Postgresql] [Postgresql PHP] [PHP on Windows] [PHP Database Programming] [PHP SOAP]

Powered by Linux