Stuart wrote:
2009/1/7 Shawn McKenzie <nospam@xxxxxxxxxxxxx>:
Daniel Kolbo wrote:
Hello,
suppose there is a file at http://otherhost.com/remote.php that looks
like this:
<?php
if (!isset($safe_flag))
{
die("hacking attempt");
}
echo "You are in";
?>
Suppose i executed the following php file at http://myhost.com/local.php
<?php
require_once("http://otherhost.com/remote.php";);
?>
Is there any way to get local.php to display "You are in", by only
modifying local.php? That is, is there a way to set $safe_flag on the
remote host as one requests a file from the remote host from within
local.php?
I have genuine, academic, non-belligerent intentions when asking this
question.
local.php
<?php
$safe_flag = 1;
require_once("http://otherhost.com/remote.php";);
?>
If the remote side is returning the code rather than running it then
anyone can see exactly what to do to get it to work. There is no
security there.
OP: Does otherhost.com run the code or return it?
-Stuart
otherhost.com runs the code.
dK
