It was just an example, I never said you could access that file.
Hack /usr/etc/passwd should not exist anyway.
I just showed the potential damage unsanitized input could do.
If you want a real, fully exploitable example I could give you one, but that would bring this whole topic out of context.
The guy asked how to easily load files and redhead gave the example. I just commented on that about the potential security risk involved.
A switch statement does prevent security risks but would ask a lot more coding than redhead's example.
PHP Code:
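<?php
if ( isset($_GET['page']) ) {
    // Accept only lowercase letters; \z anchors at the true end of the string
    // ($ would also match just before a trailing newline)
    if ( is_string($_GET['page']) && preg_match('#^[a-z]+\z#', $_GET['page']) && is_file($_GET['page'] . '.php') ) {
        include ($_GET['page'] . ".php");
    } else {
        // incorrect page name
        header('Location: http://example.com/');
        exit; // stop the script after sending the redirect
    }
} else {
    include ("default.php");
}
?>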
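
The switch-style alternative mentioned in the post, written as an allowlist lookup so it stays short. This is an added example, not part of the original post; the page names, the `pages/` directory and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. PAGES_DIR, PAGES and
// resolve_page() are hypothetical names chosen for this illustration.

const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: request value => file name. Only these files can ever be included,
// which is what a switch statement achieves, with one line per page.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page name to a file path, or null if it is rejected.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; reject anything that is not a known string key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the file must exist and, once symlinks are resolved,
    // still sit inside PAGES_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs. Everything except 'home' is rejected by the
// allowlist; 'home' is allowed only if pages/home.php actually exists.
foreach (['home', 'HOME', '../../etc/passwd', "about\n", ['home'], 'nosuchpage'] as $input) {
    $result = resolve_page($input);
    printf("%-22s => %s\n", json_encode($input), $result === null ? 'rejected' : 'allowed');
}

// In a request handler (usage sketch):
//   $file = resolve_page($_GET['page'] ?? 'home');
//   if ($file === null) { http_response_code(404); exit; }
//   include $file;
```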