PHP include attack -
i can understand open_basedir ini setting when reading documentation describes how protects against include attacks - whereby attacker can include files attack system.
i cant find illustration of , is.
can illustration provided of such attack
you can include files of other users on server.
so filebase: /home/marty/
another users filebase: /home/user231
without open_basedir (and wrong filepermissions), can include other users file:
include("/home/user231/public_html/connection.php"); or:
file_get_contents("/home/user231/public_html/connection.php"); php
No comments:
Post a Comment