Re: PHP script help — PHP Programming Language

You are here: Re: PHP script help « PHP Programming Language « IT news, forums, messages

Posted by P Pulkkinen on 01/15/07 18:45

> I do not know anything about PHP but thrown into this mix. I was told
> by my ISP that there is vulnerability in following code to allow
> spammer load an offsite php script for mailing. The defective code is:

> if (isset($HTTP_GET_VARS['sport']))
> {
> $sport = $HTTP_GET_VARS['sport'];
> require ($sport.".php");
> }

$allowable_sports= array("football", "rugby", "tennis");

if (isset($HTTP_GET_VARS['sport']) && in_array($HTTP_GET_VARS['sport'],
$allowable_sports) )
{ require ($sport.".php"); }
else
{ require ("no_sport_just_sofa.php"); }

Navigation:

Next in forum: Re: PHP Redirect
Prev in forum: Re: PHP script help
Thread view: Re: PHP script help

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация