02-18-2004, 04:09 PM
hypnos
Registered User
 
Join Date: Aug 2001
Posts: 6
That is a dangerous piece of code. What if I request:

http://hostname/punisher.php?file=/etc/passwd

You guessed it! I can see all the valid users on your system. There are many other files I can see also.

Please don't use this code!!!

You should sanitize the vars before using them, or else you might get hacked.

If I hadn't seen the code, it wouldn't be as easy to snoop your system. But smart hackers/crackers will test a bunch of stuff to see what works.

I hope everyone understands how serious this can be!

I'd edit this post, Mojo, and remove the code before others use it.
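One way to do the sanitizing the post asks for, as an added example that is not part of the original post or the code it refers to. It assumes the script is meant to serve files from one fixed directory selected by the `file` parameter; the function name `resolve_requested_file` and the demo directory are hypothetical.

```php
<?php
// Added example, not the code from the thread. Assumption: the script should
// only ever show files from one fixed directory, chosen by the "file" parameter.

/**
 * Resolve a user-supplied name to a real path inside $baseDir.
 * Returns the resolved path, or null if the request must be refused.
 */
function resolve_requested_file(string $baseDir, string $requested): ?string
{
    // Refuse empty names and embedded NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", follows symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The resolved path must still sit underneath the base directory.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: build a small directory so the script runs offline.
// In a real page the second argument would come from $_GET['file'].
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'about.txt', "About page\n");

foreach (['about.txt', '/etc/passwd', '../../etc/passwd', 'missing.txt'] as $name) {
    $path = resolve_requested_file($base, $name);
    echo str_pad($name, 20), $path === null ? "refused\n" : 'served: ' . basename($path) . "\n";
}

unlink($base . DIRECTORY_SEPARATOR . 'about.txt');
rmdir($base);
```

Only `about.txt` is served; the other three requests are refused because they either do not exist under the base directory or resolve to a path outside it.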