Posted: Sat Aug 19, 2006 5:22 pm
that's the same as any other form of injection..
This would be a vulnerability:
that could allow the attacker to instantiate whatever class they please that is available.
The simple rules of input validation apply anywhere you use input. I choose to whitelist anything that is an action, or a page id, etc.
This would be a vulnerability:
Code: Select all
<?php
$reflect = new ReflectionClass ($_GET['var']);
$object = $reflect->newInstance();
?>The simple rules of input validation apply anywhere you use input. I choose to whitelist anything that is an action, or a page id, etc.