Archive for August, 2006

register_globals = on; suicidal

August 7th, 2006 No comments

Yes, unless care is taken while coding. Imagine register globals is on and a include uses a variable from the user submission or from coded in urls like page.php?v=mod/login.php, well this can be manually rewritten to page.php?v=, which will eventually force php to include the remote hostile code into your code.. and provide a method for cunning, hackers to check, inspect or even alter the content.

Check Point Software