Re: photo gallery question

Posted by OmegaJunior on 02/27/07 22:32

On Tue, 27 Feb 2007 09:56:29 +0100, Geoff Berrow <blthecat@ckdog.co.uk>
wrote:

> Message-ID: <op.toecyxs170mclq@cp139795-a.landg1.lb.home.nl> from
> OmegaJunior contained the following:
>
>> Imagine a hacker who happens to know or guess the system
>> you use, and then requests your gallery.php to show the contents of that
>> configuration file?
>
>
> How would a gallery script show the contents of a .php file?

That highly depends on the gallery script, doesn't it? If the script
performs an fopen() or file() on any file name it receives, and then echoes
the result to the browser, you bet the contents of a .php will be shown.

If the gallery script merely enters the received file name into the src
attribute of an img element, there's little to fear. But if we'd enter it
into the data attribute of an object element or the href attribute of an
iframe element, there's a lot to fear.

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
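
The file-reading case described in the post, as an added example that is not part of the original message or of any particular gallery script: an unchecked read beside a hardened one that confines the resolved path to the gallery directory and requires the content to be an image. The function names, directory layout and file contents are assumptions constructed for the demonstration.

```php
<?php
// Added example; directory layout, file names and contents are constructed.

// Pattern from the post: open whatever name arrives and echo the bytes back.
function read_unsafe(string $galleryDir, string $name): ?string {
    $data = @file_get_contents($galleryDir . '/' . $name);
    return $data === false ? null : $data;
}

// Hardened: the resolved path must stay inside the gallery directory and the
// bytes must parse as an allowed image type. Returns null on any failure.
function read_image(string $galleryDir, string $name): ?array {
    $base = realpath($galleryDir);
    $path = realpath($galleryDir . '/' . $name);  // resolves "..", false if missing
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                              // escaped the gallery directory
    }
    $info = @getimagesize($path);                 // false when not an image
    $allowed = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        return null;
    }
    // A caller would send header('Content-Type: ' . $mime) before the data.
    return ['mime' => $info['mime'], 'data' => file_get_contents($path)];
}

// Constructed layout: <tmp>/config.php next to <tmp>/gallery/.
$site = sys_get_temp_dir() . '/gallery_demo_' . uniqid();
mkdir($site . '/gallery', 0700, true);
file_put_contents($site . '/config.php', "<?php \$db_pass = 'constructed-sample';\n");
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // 1x1 GIF
file_put_contents($site . '/gallery/dot.gif', $gif);
copy($site . '/config.php', $site . '/gallery/fake.gif'); // PHP source, image name

foreach (['dot.gif', '../config.php', 'fake.gif'] as $name) {
    $unsafe = read_unsafe($site . '/gallery', $name);
    $safe = read_image($site . '/gallery', $name);
    printf("%-14s unsafe: %-9s hardened: %s\n", $name,
        $unsafe === null ? 'refused' : strlen($unsafe) . ' bytes',
        $safe === null ? 'refused' : $safe['mime']);
}
```

The unchecked reader returns bytes for all three names, including the configuration file outside the gallery; the hardened reader returns data only for the real image.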
