including file a security risk?
Posted: Wed Jul 11, 2007 6:47 am
Hello,
I am doing security audit of the PHP website which has the following first line of code containing file included in the / (root) directory of the website.
[b][syntax=php]<?php require ("config.php"); ?>[/syntax][/b]
The above file contains code to connect to MYSql Database.
When I try to open this file , the blank page is displayed.
I want to know , does including file this way, pose a security risk/ vulnerability? Do any one can change file or insert any malicious file using C99 shells.? If yes, then how ?
Thank you
I am doing security audit of the PHP website which has the following first line of code containing file included in the / (root) directory of the website.
[b][syntax=php]<?php require ("config.php"); ?>[/syntax][/b]
The above file contains code to connect to MYSql Database.
When I try to open this file , the blank page is displayed.
I want to know , does including file this way, pose a security risk/ vulnerability? Do any one can change file or insert any malicious file using C99 shells.? If yes, then how ?
Thank you