On Sun, 2004-02-08 at 08:27, Andrew Séguin wrote:
> A test to confirm that, is to point the browser to the address being
> included. See the source? vulnerable. See the results? not vulnerable.

If you do not see 'source' then what are you including?  For example the
following script could be included remotely:

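<?php
// Read the parameter explicitly; this does not rely on register_globals.
$number = $_GET['number'];
// The heredoc prints PHP source, so the HTTP response body is itself PHP code.
echo <<<EOF
<?php
\$sql = "SELECT * FROM table WHERE id = $number";
?>
EOF;
?>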

If you were able to include the above source with:
include("http://somewhere.com/file.php?number=123");
You could include and see php code.  Not the original but something that
is still useful.  include() includes php code, if you can include a file
from a remote source you can view it with a browser.  What you say is
true:
"See the source? vulnerable. See the results? not vulnerable."
Of course if you can not see it you also can not include it remotely.

As a side note it is safer to put includes outside the web path.  An
overflow or some other bug may be found that would bypass processing of
.php files (or a different bug could be exploited to write a .htaccess
file in that directory).  If you have the option to move includes to a
different directory it is more secure.

-- 
Adam Bregenzer
[EMAIL PROTECTED]
http://adam.bregenzer.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
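
Added example, not part of the original message: a docroot audit for the side note about includes inside the web path. It flags files that contain PHP code but would be served as source, which is the "see the source" case of the test quoted above. It assumes only the .php extension is handed to the PHP handler; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the web server passes only these extensions to the PHP handler.
PHP_HANDLED = {".php"}
# PHP open tags: "<?php", short echo "<?=", or bare "<?" (but not "<?xml").
OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)", re.IGNORECASE)


def exposed_sources(docroot, handled=PHP_HANDLED):
    """Return docroot-relative paths that hold PHP code but would be served
    as plain text because their extension is not PHP-handled."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in handled:
                continue  # fetched by URL, this yields results, not source
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: nothing to classify
            if OPEN_TAG.search(head):
                rel = os.path.relpath(path, docroot)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)


def build_sample_docroot():
    """Constructed sample tree, not taken from any real site."""
    root = tempfile.mkdtemp(prefix="docroot_")
    samples = {
        "index.php": b"<?php include 'inc/db.inc'; ?>",
        "inc/db.inc": b"<?php $dsn = 'constructed-sample'; ?>",
        "inc/config.php.bak": b"<?php $debug = true; ?>",
        "sitemap.xml": b"<?xml version='1.0'?><urlset/>",
        "readme.txt": b"plain text, no code",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel in exposed_sources(build_sample_docroot()):
        print("served as source, move outside the web path:", rel)
```

Each path it reports is a candidate to move to a directory outside the web path.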
