Archive for the ‘LFI’ Tag
(evil) Register Globals (on)
Posted November 7, 2007
Filed under: Injection, LFI, RFI | Tags: bypass, Injection, LFI, PHP, register_globals, RFI, security
Comments (2)
Filed under: Injection, LFI, RFI | Tags: bypass, Injection, LFI, PHP, register_globals, RFI, security
Comments (2) The register_globals directive is enabled (register_globals = On) by default in PHP versions 4.2.0 and greater in the php config (php.ini). While it doesn’t represent a security vulnerability, it’s a security risk.
Why is it a security risk? Let’s look at this example:
Advertisements
