[RESOLVED] Security check post

vaaaska

I'm just curious about this...I can't think of a way that a hacker could get by this but I thought I would post about it anyways...

Here's the scnenario.

// afile.php

if (isset($_POST['submitted'])) {

  submitPost(); // included from next file

}

The included file:

<?php

// theinclude.php

function submitPost() {

// stuff happens here

}
?>

Don't consider validation or anything, just the basics of what is here. Also, this is a secure setup where a user only has access to everything via password.

I'm trying to think of someway that a hacker might simply call up 'theinclude.php' page and run the function remotely. I could see them $_POSTing to it remotely but I see no way that they could get the function to run.

Any thoughts?

devinemke

vaaaska wrote:
I'm trying to think of someway that a hacker might simply call up 'theinclude.php' page and run the function remotely. I could see them $_POSTing to it remotely but I see no way that they could get the function to run.

if "theinclude.php" resides in a public directory then anyone can point their browser to http://www.vaaaska.com/theinclude.php but this will only return any output that the script produces. if all that the script does to define a fucntion then there is no way of running that fucntion remotely that way.

vaaaska

Yep...this is what I thought. The file simply contains a function. I just wanted to be sure there isn't some exploit out there that will muck things up. Thanks...