Archive for the ‘LFI’ Tag
(evil) Register Globals (on)
The register_globals directive is enabled (register_globals = On) by default in PHP versions 4.2.0 and greater in the PHP configuration file (php.ini). While the setting is not itself a security vulnerability, it is a security risk.
Why is it a security risk? Let’s look at this example:
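The following is an added example, not code from the original post: it shows the uninitialised-variable pattern that makes register_globals risky, next to a hardened version. Because the directive was removed in PHP 5.4, `extract()` stands in for it here; the function names, credentials and sample requests are all constructed for this example.

```php
<?php
// Emulates what register_globals = On did: every request parameter became a
// variable in the script's scope before the first line of the script ran.
// (The directive itself was removed in PHP 5.4, hence the emulation.)

function check_login(array $request): bool {
    // Constructed stand-in for a real credential check.
    return ($request['user'] ?? '') === 'alice'
        && ($request['pass'] ?? '') === 'correct-horse';
}

// Risky pattern: $authorized is only assigned on success, never initialised.
function page_with_register_globals(array $request): string {
    extract($request);            // what register_globals did implicitly
    if (check_login($request)) {
        $authorized = true;
    }
    return !empty($authorized) ? 'admin area' : 'access denied';
}

// Hardened pattern: initialise every variable and read input only from the
// request array ($_GET / $_POST in a real script), never from injected names.
function page_hardened(array $request): string {
    $authorized = false;
    if (check_login($request)) {
        $authorized = true;
    }
    return $authorized ? 'admin area' : 'access denied';
}

// Constructed sample requests (query string already parsed into an array).
$samples = [
    'valid login'       => ['user' => 'alice', 'pass' => 'correct-horse'],
    'no credentials'    => [],
    'injected variable' => ['authorized' => '1'],
];

foreach ($samples as $label => $request) {
    printf("%-18s risky=%-14s hardened=%s\n", $label,
        page_with_register_globals($request), page_hardened($request));
}
```

Only the third request separates the two versions: the risky function trusts a variable that the request itself supplied, while the hardened one ignores it. The same initialisation habit applies wherever code calls `extract()` on request data.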