Re: vulnerability ? — PHP Language — IT news, forums, messages

You are here: Re: vulnerability ? « PHP Language « IT news, forums, messages

Posted by Peter on 09/29/07 15:27

Addionally,

I figure this piece of code needs to be mentioned as well (placed before the
earlier mentioned code) :

if($_SERVER['QUERY_STRING']!="")
$special_char='?';
else $special_char="";

Followed by earlier mentioned piece of code:

$link =
explode('/',$_SERVER['PHP_SELF'].$special_char.$_SERVER['QUERY_STRING']);
$from = $link[sizeof($link)-1];

Further investigating also shows (not hundred % sure, but it looks like it)
that the problem only occurs on pages where parameters can be passed.

e.g. page1?item=1
etc.

Navigation:

Next in forum: protect php file
Prev in forum: vulnerability ?
Thread view: Re: vulnerability ?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация