Posted by Frank Mutze on 03/29/06 12:31

hello

Is there a method to forbid an attacker to exploit download.php
in grabbing some "sensitive" file ?

I mean using that kind of trick

download.php?filename=../../../../../../../../../../../../etc/passwd

thanks you

• Next in forum: Re: Combination or Permutation question!
• Prev in forum: charsert question
• Thread view: securing

[Reply to this message]