Posted by Rik Wasmus on 09/29/20 12:01
On Sun, 27 Jan 2008 20:30:14 +0100, MZ <marcinzmyslowski@poczta.onet.pl>=
=
wrote:
> Hello!
>
> How to prevent from such try of attack of the website?
>
> http://www.example.com/index.php?id=3D0?;print_r(glob('*'));echo%20%22=
By just not running/eval()ing arbitrary code from outside? You'd really =
=
have to provide the mechanism for the hacker for this to work, it is not=
=
an inherent vulnerability of PHP.
-- =
Rik Wasmus
[Back to original message]
|