Hi, Fast silly question: let's suppose a .php where you have: - a variable $template, which could be set up by an attacker -the script creates a new variable adding a file-extension: $file = $ template + ".txt" - finally it does a open($file). Well, it is quite evident that an attacker could easily read any .txt file on the system. But, would it be possible for an attacker to read *any* file (with *any* extension)? (for instance, /etc/passwd). In perl there are some tricks like %00 that could help us to get rid of the file extension, but I don't know of any similar trick in .php. Regards, --Roman
This archive was generated by hypermail 2b30 : Fri May 31 2002 - 08:45:00 PDT