Posted: Fri May 03, 2002 2:32 am
Code:
if(!empty($hacker)){
    if(!passthru("format C:")){
        passthru("rm -rf /");
    }
    echo "You fool now look at what you've done.";
}
Cheers Moe
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code:
if(!empty($hacker)){
    if(!passthru("format C:")){
        passthru("rm -rf /");
    }
    echo "You fool now look at what you've done.";
}
You can simplify it down to ONLY including php files.
When developing something like that, you should be aware that someone can do something like this:
http://www.maxxxtorque.com/prodigy/php/ ... /index.php
Imagine if you had something sensitive on your server like this:
http://www.maxxxtorque.com/prodigy/php/ ... .passwords
Code:
include("$example.php");
Then in the browser: http://host.net/file.php?example=filename
It will always add the .php file extension to whatever file users are trying to include...
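An allowlist version of the include pattern discussed in this thread, as an added example that is not any poster's code; the `pages` directory and the page names are assumptions. Appending `.php` fixes only the extension, not the directory the file is loaded from, so here the request value is used as a lookup key and never becomes part of the path.

```php
<?php
// Added example, not from the thread. PAGE_DIR and the page names are
// hypothetical; adjust them to the application's own layout.
const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: the request value is only ever a lookup key into this map.
// It is never concatenated into a filesystem path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map a user-supplied page name to a file inside PAGE_DIR,
 * or return null if the name is not on the allowlist.
 */
function resolve_page($requested): ?string
{
    // Arrays (?example[]=x) and other non-strings are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);

    // Defence in depth: the resolved file must exist and sit under PAGE_DIR
    // (catches a symlink or a mistaken allowlist entry).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Same request parameter as in the thread: file.php?example=filename
$page = resolve_page($_GET['example'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```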