like
http://xyz.com/~user1
http://xyz.com/~user2
http://xyz.com/~user3
http://xyz.com/~user4
These are just different directories in the root directory of the server.
Now I am user1, and user2 is malicious.
I have a script for uploading files. Visitors can upload their files provided they are logged in, otherwise not.
So, in my script upload.php, which contains the upload form, I wrote:
<?php
session_start();                  // must run before $_SESSION is populated
if (isset($_SESSION['UserName']))
{
    // print the form for uploading
}
else
{
    header("Location: login.php");
    exit;                         // stop here so nothing after the redirect runs
}

Now the problem is...
The malicious user2 is giving out a link like http://xyz.com/~user2/hack.php, which just contains a link to http://xyz.com/~user1/upload.php. On clicking it, without logging in,
everyone is able to upload files.
So presumably /~user2/hack.php is creating that session variable $_SESSION['UserName'].
1. Am I right?
2. How did he get to know that I am using $_SESSION['UserName'] as the session variable?
3. Can't I limit the session variables to just the specific directory in which they are set? I mean, how do I disable the global (root) scope of sessions and limit them to just one directory?
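An added example (not from the original post or anyone in the thread) showing how user1's scripts can keep their session separate from everything else on the host. It assumes, as the post suspects, that hack.php under /~user2/ calls session_start() with the default session name and save path and sets $_SESSION['UserName']. The session name USER1SESSID, the save path /home/user1/sessions and the helper function names are assumptions chosen for illustration, and the array form of session_set_cookie_params() needs PHP 7.3 or newer.

```php
<?php
// Added example, not the poster's code. Scope user1's session so a script
// under /~user2/ cannot hand visitors a ready-made $_SESSION['UserName'].
// Assumptions: PHP 7.3+, Apache per-user directories as in the post, and a
// private directory /home/user1/sessions outside the web root (hypothetical
// path) that only user1's scripts can write to.

declare(strict_types=1);

const USER1_SESSION_NAME = 'USER1SESSID';          // not the shared default PHPSESSID
const USER1_SESSION_PATH = '/home/user1/sessions';  // assumed private, not the shared /tmp
const USER1_COOKIE_PATH  = '/~user1/';              // browser sends the cookie only under this path

function user1_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // The private save path is the real isolation: with the default shared
    // path, any script on the host that knows the session ID can read and
    // write the same session file.
    if (!is_dir(USER1_SESSION_PATH)) {
        mkdir(USER1_SESSION_PATH, 0700, true);
    }
    session_save_path(USER1_SESSION_PATH);
    session_name(USER1_SESSION_NAME);
    session_set_cookie_params([
        'path'     => USER1_COOKIE_PATH,
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    ]);
    ini_set('session.use_only_cookies', '1');   // ignore IDs passed in the URL
    ini_set('session.use_strict_mode', '1');    // reject IDs this server never issued
    session_start();
}

// Called by login.php only after the password check has succeeded.
function user1_login(string $username): void
{
    user1_session_start();
    session_regenerate_id(true);                // discard any pre-login ID
    $_SESSION['UserName']   = $username;
    $_SESSION['LoggedInAt'] = time();
}

// Called by upload.php before printing the form or accepting a file.
function user1_require_login(): string
{
    user1_session_start();
    if (empty($_SESSION['UserName'])) {
        header('Location: login.php');
        exit;                                   // never fall through to the form
    }
    return $_SESSION['UserName'];
}

// upload.php (hypothetical file layout):
//   require __DIR__ . '/session_user1.php';
//   $user = user1_require_login();
//   ... print the form / handle the upload for $user ...
```

The cookie path is only a hint to the browser: cookies are scoped by host, so hack.php could still set a USER1SESSID cookie with path / that the browser would send along to /~user1/. What actually stops the trick is the private save path, which user2's scripts cannot write to (assuming the per-user directories do not all run under one account with access to that directory), together with session.use_strict_mode, which makes PHP throw away a session ID it did not generate itself instead of creating a session under it.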