2006/5/30, Philip Thompson <[EMAIL PROTECTED]>:
<?
if ($subPage = $_GET['page'])
include ("$subPage");
?>
Are you checking what the user is sending inside $_GET['page']? If not, your system is vulnerable to a remote file injection.
- [PHP] Using 'header' as redirect Philip Thompson
- Re: [PHP] Using 'header' as redirect Martin Alterisio
- Re: [PHP] Using 'header' as redirect Philip Thompson
- Re: [PHP] Using 'header' as redirect Stut
- Re: [PHP] Using 'header' as redirect Philip Thompson
- Re: [PHP] Using 'header' as redirect Stut
- Re: [PHP] Using 'header' as redirect Philip Thompson
- Re: [PHP] Using 'header' as redirec... Adam Zey
- Re: [PHP] Using 'header' as redirec... Stut
- Re: [PHP] Using 'header' as redirec... Richard Lynch
- Re: [PHP] Using 'header' as redirect Chris Boget
- Re: [PHP] Using 'header' as redirect Richard Lynch
