Remote File Variable Injection Safety?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

suppose there is a file at http://otherhost.com/remote.php that looks like this:

<?php
if (!isset($safe_flag))
{
   die("hacking attempt");
}
echo "You are in";
?>

Suppose i executed the following php file at http://myhost.com/local.php

<?php
require_once("http://otherhost.com/remote.php";);
?>

Is there any way to get local.php to display "You are in", by only modifying local.php? That is, is there a way to set $safe_flag on the remote host as one requests a file from the remote host from within local.php?

I have genuine, academic, non-belligerent intentions when asking this question.

Thanks,
dK



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux