TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   General (http://www.talkphp.com/general/)
-   -   Potential File Inclusion exploit? (http://www.talkphp.com/general/3403-potential-file-inclusion-exploit.html)

Orc 10-01-2008 04:51 PM
Potential File Inclusion exploit?
 
PHP Code:
    foreach ( glob('*.class.php') As $val )
    {
        
        include($val);
        
    } 
Does this have any potential?

Salathe 10-01-2008 05:31 PM
Only if you're silly enough to let an attacker write files ending in .class.php in the current working directory.

Orc 10-02-2008 04:17 AM
Quote:
Originally Posted by Salathe (Post 18584)
Only if you're silly enough to let an attacker write files ending in .class.php in the current working directory.
I'll just prevent that then.


All times are GMT. The time now is 09:19 PM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0