Archive for November 29th, 2007

Beware of remote code injection exploit in PHP!

PHP is kind of convenient to build web pages that have common header and footer. This is the technique we normally use when coming to building corporate web sites to maintain same look and feel over the entire websites. For example in the following piece of code (index.php), it shows you how it’s used.

The index.php
<?php
      $page = $_REQUEST['p'].”.inc.php”;
      include “header.inc.php”;
      include $page;
      include “footer.inc.php”;
?>

Continue reading ‘Beware of remote code injection exploit in PHP!’