GoFuckYourself.com - Adult Webmaster Forum - View Single Post

Chariott · 10-25-2007, 12:18 AM

If register globals turned on, you shouldn't write this:
<?php include('<?echo "$id";?>'); ?>
as it has a vulnerability flaw.

Just set
?id=/etc/passwd
or
?id=/etc/shadow
and will get any file you want which is stored at the server.

10-25-2007, 12:18 AM
Chariott Confirmed User Join Date: Nov 2006 Location: http://UUGallery.com http://UUGallery.com http://UUGallery.com http://UUGallery.com http://UUGallery.com http://UUGallery.com Posts: 361	If register globals turned on, you shouldn't write this: <?php include('<?echo "$id";?>'); ?> as it has a vulnerability flaw. Just set ?id=/etc/passwd or ?id=/etc/shadow and will get any file you want which is stored at the server. __________________ UUGallery v3.37 builder plugin for Wordpress! Now it builds FLV VIDEO Galleries! It grabs galleries from FHG's, generates thumbnails, resizes originals, arranges within your template and posts a gallery within 1 click! Start making money right now! ICQ# 475-719-552, Email+MSN: msnaddress[-~at~-]uusoftware.com