[PHP-INST] well i need help
by Erik other posts by this author
Aug 15 2002 10:42PM messages near this date
RE: [PHP-INST] It's not working!
|
Re: [PHP-INST] Re: php 4.2.2, apache 2.0.40 make problem from source
hi,
i create a script to view the source of php files now i don't want the whole
world to know my MySQL and other passes he so i found a security hole in the
script i wrote
i call it like this
http://www.mydomain.com/source.php?file_name=myfile.php
now i have a file called "dbinfo.php" this fill contains my MySQL pass and i
found if you call the script like this
http://www.mydomain.com/source.php?file_name=DbInfo.php
the whole source code including my pass is visible !!!!
is php capable of removing the uppercase characters so DbInfo becomes
dbinfo wich is blocked
already tryed with strtolower() but no luck help ! here you have the source
regards
Erik
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
|
