PHP Classes

unsecure parameters from browser

Subject: unsecure parameters from browser
Summary: you have a security hole where users can give relative pathnames
Messages: 1
Author: Bastian Gorke
Date: 2006-03-25 14:46:50
 

1. unsecure parameters from browser
Bastian Gorke - 2006-03-25 14:46:50
Check the $_GET / $_POST vars for relative pathnames. There is currently no check, so everyone with access to the script can use it to download all known files from the server.
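
The kind of check the post asks for, as an added example that is not part of the original post and not the Downloader class's own code. The function name `resolve_download_path`, the `file` parameter, and the directory layout are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the Downloader class's own code.
// Resolves a browser-supplied name against a fixed base directory and
// returns the canonical path, or null when the request must be refused.
function resolve_download_path(string $baseDir, $requested): ?string
{
    // Arrays (?file[]=x), empty values and NUL bytes are never valid names.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such file.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator stops "files-private" from matching "files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout: one downloadable file, two files outside the base.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . uniqid();
mkdir($root . '/files/docs', 0700, true);
mkdir($root . '/files-private', 0700, true);
file_put_contents($root . '/files/docs/manual.txt', 'public');
file_put_contents($root . '/files-private/secret.txt', 'private');
file_put_contents($root . '/config.php', 'private');

// Constructed request values standing in for $_GET['file'] / $_POST['file'].
$requests = ['docs/manual.txt', '../config.php', 'docs/../../files-private/secret.txt',
             $root . '/config.php', ['docs/manual.txt'], 'missing.txt'];
foreach ($requests as $value) {
    $path = resolve_download_path($root . '/files', $value);
    printf("%-45s %s\n", json_encode($value), $path === null ? 'refused' : 'served: ' . $path);
}
```

The comparison is made on the canonical path after `realpath()`, so the decision does not depend on spotting `..` in the raw string.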