Friday, October 9, 2009

PHP Arbitrary File Include

A common attack vector used by attackers against web applications is to attempt to convolute the commonly used include(), include_once(), require() and require_once() functions. These functions will include files into the currently executing script, and even evaluate their contents. This can lead to a number of dangerous conditions that expose web applications to attacks.

Suppose you're using the following, common, script in your application:

Check: PHP Arbitrary File Include

No comments: