[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PHP source injection in phpWebSite
Just as a side note, quite a lot of sites are open to this kind of
attacks, namely including files from other servers. fopen_wrappers and
unsafe programming are to blame here.
Lots of scripts do
include($file); // $file is in GPC
So if $file is "http://www.cracker.com/somefile.php" that file gets
included, and php code in it gets executed.
Easy workaround: disable fopen_wrappers in php.ini, or call file_exists
before including any file.
if (file_exists($file)) include($file);
Of course, the only "real" way to fix the bug is to program safely.
On 9/23/2002 1:53 AM Tim Vandermeersch wrote:
> If someone request a URL like
> the htmlheader.php file from MYBOX would be included,
> and the attacker would be able to include any code he