|
|
 |
|
|
Thread Tools | Display Modes |
May 8th, 2005, 8:00 AM
|
#11 |
|
I eat cake for breakfast.
 
Join Date: Jul 2004
Location: In my box.
Posts: 4,434
Rep Power: 9
 |
Your code would have to be seriously screwed up to allow that through.
|
|
|
|
May 8th, 2005, 9:32 AM
|
#12 |
|
Professional Programmer
Join Date: May 2005
Location: Woo - Boot Sector!
Posts: 294
Rep Power: 4
|
Hmm well whatever i think i read it somewhere, but whatever maybe i was thinking of soumething else?!
EDIT: yeah i did... basically if the page is as such: http://www.domainnamehere.com/index.php?page=main.php then you can change ?page=main.php to something like ?page=/etc/passwd which in turn will list the contents of that directory (presuming it's a linux box) on the original web page... Maybe it's different for the specific example given above but what i have just explained definately works... take that 
__________________
www.heldtogether.co.uk Last edited by LOI Kratong; May 8th, 2005 at 9:41 AM. |
|
|
|
|
May 8th, 2005, 11:08 AM
|
#13 |
|
I eat cake for breakfast.
Join Date: Jul 2004
Location: In my box.
Posts: 4,434
Rep Power: 9
|
Ah yes... you have to implement some sort of security to prevent people from including any page.
|
|
|
|
|
May 8th, 2005, 11:42 AM
|
#14 |
|
Professional Programmer
Join Date: May 2005
Location: Woo - Boot Sector!
Posts: 294
Rep Power: 4
|
I'm not sure how you'd go about that though??? It's quite amazing what you pick up reading random stuff.
Would you look at that!! The seemingly random link i posted is real!! My trick doesn't work on that though...
__________________
www.heldtogether.co.uk |
|
|
|
|
May 8th, 2005, 12:51 PM
|
#15 |
|
I eat cake for breakfast.
Join Date: Jul 2004
Location: In my box.
Posts: 4,434
Rep Power: 9
|
Simple: if it isn't in a list of allowed pages, don't include it. Include your home page instead.
|
|
|
|
|
May 9th, 2005, 2:23 AM
|
#16 |
|
Professional Programmer
Join Date: May 2005
Location: Woo - Boot Sector!
Posts: 294
Rep Power: 4
|
Ye that's one way i suppose, you could always just not use the insecure method and, just have actual links to stuff ?! the old fashioned way...
__________________
www.heldtogether.co.uk |
|
|
|
|
May 9th, 2005, 7:44 AM
|
#17 |
|
Programming Guru
Join Date: Oct 2004
Posts: 1,041
Rep Power: 5
   |
New technology requires new knowledge.
__________________
|
|
|
|
|
May 9th, 2005, 10:02 AM
|
#18 |
|
Professional Programmer
Join Date: May 2005
Location: Woo - Boot Sector!
Posts: 294
Rep Power: 4
|
Wise statement tempest, rather ironic though...
The new technology would never have arisen if the old knowledge wasn't put into practice
__________________
www.heldtogether.co.uk |
|
|
|
|
May 12th, 2005, 3:47 PM
|
#19 |
|
Professional Programmer
Join Date: May 2005
Location: Detroit
Posts: 254
Rep Power: 4
 |
If you tell the include to go to a folder you'll be fine. like <? include('/pages/' .$id.') ?> instead of <? include('$id') ?> you should be ok. Unless yah, you can include anything accessible on the web into your script-or someone else can. In regards to Crypter's original Q, I did a tut on it almost 3 years ago (revised about 2.5 years ago) but it still applies. http://www.roundspringfield.com/tutorials/PHP.pdf is the file . Obviously you want to add in the $id = $_get[id] part but it'll make more sense like this.
|
|
|
|
|
May 31st, 2005, 12:49 AM
|
#20 |
|
Hobbyist Programmer
Join Date: May 2005
Location: Scranton, PA
Posts: 112
Rep Power: 0
|
Here's a tip, when there's an equals sign involved, you'll want your variables like this:
$a['b'] without the apostrophes, your page is injectible, not good in certain cases. Here's a random example that I think might help you out A text game... where there's a shop that you can buy potions, and the URL to buy potions would go like potions.php?ammount=10 NOTE: for the example coins is the currency and the code goes something like this: $ammount=$_GET['ammount'];
if($ammount){
$price=$ammount*250;
if($price<=$character['money']){
$character['money']=$character['money']-$price;
$character['potions']=$character['potions']+$ammount;
echo"You bought $ammount potions for $price coins.";
}elseif($price>$character['money']){
$difference=$price-$character['money'];
echo"It costs $price coins to buy $ammount potions, you need $difference more coins.";
}
}That way MIGHT be undesirable... If you had 3 links there, one to buy 1 potion, one to buy 10 potions, and the last to buy 25 potions, and you had it to where the more you bought the less you're paying; you can't have someone entering in 100 and getting a fat discount. so the code would go more like this... $ammount=$_GET['ammount'];
if($ammount){
if($ammount=1){
$price="250";
}elseif($ammount=10){
$price=2400; /////250*10-100
}elseif($ammount=25){
$price=6000; /////250*25-250
}else{
echo"BAD! Bad cheater... BAD!";
exit;
}
if($price<=$character['money']){
$character['money']=$character['money']-$price;
$character['potions']=$character['potions']+$ammount;
echo"You bought $ammount potions for $price coins.";
}elseif($price>$character['money']){
$difference=$price-$character['money'];
echo"It costs $price coins to buy $ammount potions, you need $difference more coins.";
}
}I wrote that simply out of boredom |
|
|
|
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
