Posted by Rik Wasmus on 09/29/65 12:01
> User "Rik Wasmus" <luiheidsgoeroe@hotmail.com> wrote in message news:op.t5lsmesk5bnjuv@metallium.lan...
> On Sun, 27 Jan 2008 20:30:14 +0100, MZ <marcinzmyslowski@poczta.onet.pl> wrote:
> Hello!
> How can I prevent this kind of attack attempt on the website?
> http://www.example.com/index.php?id=0?;print_r(glob('*'));echo%20%22
> By just not running/eval()ing arbitrary code from outside? You'd really
> have to provide the mechanism for the hacker for this to work, it is not
> an inherent vulnerability of PHP.
On Sun, 27 Jan 2008 20:37:56 +0100, MZ <marcinzmyslowski@poczta.onet.pl> wrote:
> Sorry, English is not my native language.
> Please explain this sentence to me in detail:
> > By just not running/eval()ing arbitrary code from outside?
> What do you mean by asking me that?
> You said that it is not a weakness of PHP. Do you mean that PHP is
> proof against such attacks?
> Thank you, and sorry for such a question.
Yes, PHP will NOT execute code from the URL without you telling it to.
What you DO want to check for is SQL injection (google it).
-- 
Rik Wasmus
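
What "telling PHP to execute it" looks like in practice, next to safe handling of the same `id` parameter. This is an added example, not code from the thread; the function names and the 0..1000000 range are assumptions.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// VULNERABLE: this is the "mechanism" the reply refers to. The developer
// passes request data to eval(), so the text after "id=" is parsed as PHP.
// Shown for contrast only; it is never called below.
function load_page_vulnerable(array $query): void
{
    eval('$id = ' . $query['id'] . ';');
    echo "page $id\n";
}

// HARDENED: treat id as data. Accept only a decimal integer in a fixed
// range (assumed here: 0..1000000) and reject everything else, including
// missing values and arrays. Nothing from the request reaches eval().
function parse_page_id(array $query): ?int
{
    $id = filter_var(
        $query['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000000]]
    );
    return $id === false ? null : $id;
}

// Constructed inputs: the query string quoted in the thread, a normal
// request, and an array-valued id.
$samples = [
    "id=0?;print_r(glob('*'));echo%20%22",
    "id=42",
    "id[]=42",
];

foreach ($samples as $qs) {
    // parse_str() decodes a query string into an array, as PHP does for $_GET.
    parse_str($qs, $query);
    $id = parse_page_id($query);
    printf("%-40s => %s\n", $qs, $id === null ? 'rejected (400)' : "page $id");
}
```

The validated integer is also the value to bind as a parameter in a prepared statement, which addresses the SQL injection concern raised in the reply.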