Re: Re: Remote File Variable Injection Safety?

Daniel Kolbo wrote:
>
> Shawn McKenzie wrote:
>> Daniel Kolbo wrote:
>>   
>>> Hello,
>>>
>>> suppose there is a file at http://otherhost.com/remote.php that looks
>>> like this:
>>>
>>> <?php
>>> if (!isset($safe_flag))
>>> {
>>>    die("hacking attempt");
>>> }
>>> echo "You are in";
>>> ?>
>>>
>>> Suppose I executed the following php file at http://myhost.com/local.php
>>>
>>> <?php
>>> require_once("http://otherhost.com/remote.php");
>>> ?>
>>>
>>> Is there any way to get local.php to display "You are in", by only
>>> modifying local.php?  That is, is there a way to set $safe_flag on the
>>> remote host as one requests a file from the remote host from within
>>> local.php?
>>>
>>> I have genuine, academic, non-belligerent intentions when asking this
>>> question.
>>>
>>> Thanks,
>>> dK
>>>
>>>
>>>
>>>     
>>
>> local.php
>>
>> <?php
>>
>> $safe_flag = 1;
>> require_once("http://otherhost.com/remote.php");
>>
>> ?>
>>
>>   
> The proposed method does not work, as the script returned from
> remote.php is "hacking attempt", because $safe_flag is in the scope of
> myhost.com and not otherhost.com.
> dK

Of course I was wrong, but not for the reason you state.  There is no
file "scope" regardless of where the file resides.  The reason it
doesn't work is because remote.php code is not included/required.  The
code is run on the remote server and the result is included in the
local .php.  Since the result is "hacking attempt", then that is what is
included.  Sorry for my quick reply.

-Shawn

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
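
The difference described in the last reply, as an added example that is not code from the thread: the posted remote.php is run once as a local file include and once by a separate PHP process that stands in for otherhost.com's interpreter, so only its output comes back. The function names, the temporary file and the use of a child process in place of an HTTP request are assumptions of this sketch; it expects the PHP CLI with shell_exec enabled.

```php
<?php
// Added example, not code from the thread. A second PHP process stands in
// for otherhost.com's interpreter; no network request is made.

// remote.php as posted in the thread.
const REMOTE_SOURCE = <<<'PHP'
<?php
if (!isset($safe_flag))
{
   die("hacking attempt");
}
echo "You are in";
?>
PHP;

// Local file include: the code runs in this process and sees the caller's scope.
function run_as_local_include(string $file): string
{
    $safe_flag = 1;
    ob_start();
    require $file;
    return ob_get_clean();
}

// What an http:// include amounts to: another interpreter executes the file
// and this process receives only the text it printed.
function run_as_remote_request(string $file): string
{
    $safe_flag = 1; // stays in this process; nothing transmits it
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($file);
    return (string) shell_exec($cmd);
}

function demo(): array
{
    $file = tempnam(sys_get_temp_dir(), 'remote_'); // constructed sample file
    file_put_contents($file, REMOTE_SOURCE);
    try {
        return [
            'local include'  => run_as_local_include($file),
            'remote request' => run_as_remote_request($file),
        ];
    } finally {
        unlink($file);
    }
}

foreach (demo() as $mode => $output) {
    printf("%-15s => %s\n", $mode, trim($output));
}
```

With allow_url_include at its default of Off, the require_once of an http:// URL in local.php fails instead of fetching anything. When it is On, whatever text the remote server returns is parsed by the local interpreter, so the remote host decides what runs locally.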

