Posted by Matt F on 05/25/07 21:14
On Fri, 25 May 2007 22:35:24 +0200, Schraalhans Keukenmeester <invalid@invalid.spam> wrote:
: At Fri, 25 May 2007 15:09:00 -0500, Matt F let his monkeys type:
:
: > On Fri, 25 May 2007 19:08:42 +0100, Toby A Inkster
: > <usenet200703@tobyinkster.co.uk> wrote:
: > : Matt F wrote:
: > :
: > :
: > : Think about:
: > : http://example.com/ping.php?Count=;rm+-fr+~;
: > :
: >
: > Sorry, but I don't follow. Please elaborate.
: >
: > Matt
:
: Toby warns you that if you accept $_GET params like that, without
: checking, you leave a door wide open for people to wreak havoc on your
: server (the suggested parameters attempt to wipe everything on your
: system. You can think up your own nightmare scenario here).
:
Thank you! As you can tell, I'm quite new to this. I definitely
wouldn't want someone executing an "rm -rf" from my PHP script. I will
try your suggestion!
Matt
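
The check the replies above are asking for, as an added example that is not part of the original thread: the `Count` parameter is accepted only if it is a plain integer in a small range, and everything else is rejected before a command string is ever built. The script layout, the fixed host, the limit of 10 and the function names are assumptions, since the original ping.php is not shown.

```php
<?php
// Hypothetical hardened ping.php. Only the parameter name "Count" comes from
// the thread; the host, the limit and the function names are assumptions.

const PING_HOST = '127.0.0.1'; // fixed server-side, never read from the request
const MAX_COUNT = 10;          // assumed upper bound on packets per request

// Return the count as an int, or null unless the input is a plain integer
// between 1 and MAX_COUNT.
function validated_count($raw): ?int
{
    if (!is_string($raw)) { // missing parameter, or an array such as Count[]=1
        return null;
    }
    $count = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_COUNT],
    ]);
    return $count === false ? null : $count;
}

// Build the command line (Unix-style ping assumed). $count is already an int;
// escapeshellarg() stays as a second layer in case the code is later changed.
function build_ping_command(int $count): string
{
    return 'ping -c ' . escapeshellarg((string) $count)
        . ' ' . escapeshellarg(PING_HOST);
}

// Constructed sample inputs. The second is the value from the URL quoted in
// the thread, as PHP sees it after URL-decoding.
foreach (['4', ';rm -fr ~;', '4abc', '999', ''] as $raw) {
    $count = validated_count($raw);
    if ($count === null) {
        echo 'rejected: ' . var_export($raw, true) . "\n";
        continue;
    }
    echo 'would run: ' . build_ping_command($count) . "\n";
}
```

In the real script the input would be `$_GET['Count'] ?? null`, and a `null` result should end the request with an HTTP 400 instead of reaching `exec()` or `system()`.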