On Sun, 5 May 2002, Teemu Pentinsaari wrote:
>>> It could be what I was typing in the url bar.
>>>
>>> file.php?file=foobar.inc
>>
>> 1) Try include $_GET['file'];
>>
>> 2) Let me know where your server is so I can go to
>>
>> http://your.server/file.php?file=/etc/passwd
>
> You might want to use .php file extension and /include/ directory to prevent
> Miquel stealing your precious passwords :))

http://your.server/file.php?file=../../../etc/passwd%00

miguel
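
An added example, not part of the original thread: one way to resolve the `file` parameter so that the three request values quoted above (an absolute path, a `../` traversal, and a trailing `%00`) are all refused before `include` runs. The function name `resolve_include()`, the temporary include directory and the sample values are assumptions made for illustration.

```php
<?php
// Added example; resolve_include() and the temp fixture are hypothetical.
function resolve_include(string $baseDir, string $requested): ?string
{
    // A NUL byte ("%00" after URL decoding) truncated paths at the C layer
    // on older PHP versions, discarding any extension appended afterwards.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Bare module names only: no slashes, no dots, no caller-chosen extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() resolves ".." and symlinks and returns false if the file is missing.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved file must still live under the include dir.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed fixture: a private include directory holding one module.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
file_put_contents($dir . '/foobar.php', "<?php return 'foobar loaded';\n");

// Constructed inputs: one valid name plus the values seen in the thread.
$samples = ['foobar', 'foobar.inc', '/etc/passwd', "../../../etc/passwd\0"];
foreach ($samples as $sample) {
    $path = resolve_include($dir, $sample);
    $result = $path === null ? 'rejected' : (include $path);
    printf("%-34s => %s\n", json_encode($sample, JSON_UNESCAPED_SLASHES), $result);
}
unlink($dir . '/foobar.php');
rmdir($dir);
```

Only `foobar` resolves; the other three inputs are rejected before any filesystem path is built from them.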