Page 1 of 1

preg_replace with $_GET ..

Posted: Mon Jul 23, 2007 12:49 pm
by Devil-00
Peace ,

First sorry for my poor english :D , but i wish to understand me ..

Code: Select all

$file = $_GET['file'];
$file = preg_replace("/\.\./", '', $file);
this is a code i doing my test on it , and when the link like that

Code: Select all

/test.php?file={${phpinfo()}}
... everything is okay

but when i change the source code to

Code: Select all

//$file = $_GET['file'];
$file = "{${phpinfo()}}";
$file = preg_replace("/\.\./", '', $file);
i can see my phpinfo for my own local host ..

so , if i work with first code any danger from hackers ?

Posted: Mon Jul 23, 2007 1:44 pm
by miro_igov

Code: Select all

$file = '{${phpinfo()}}';
Otherwise the ${} is evaluated.

Posted: Mon Jul 23, 2007 2:12 pm
by superdezign
Any danger from hackers? Yes. Actually, you've even got "danger" from people who are just bad at re-typing URLs that they've seen. Hopefully, you are doing more validation of the GET variable than that.