You have just posted a very easy to spot, very easy to exploit security
hole.
Here are just a few ways to exploit it.
Your first code block:
1. Request Variables, containing variables will be evaluated. (e.g.
$config[mysql_pass])
2. The keys will not be escaped
(file.php?a%3D1%3B+print+fil...
You have just posted a very easy to spot, very easy to exploit security
hole.
Here are just a few ways to exploit it.
Your first code block:
1. Request Variables, containing variables will be evaluated. (e.g.
$config[mysql_pass])
2. The keys will not be escaped
(file.php?a%3D1%3B+print+fil...
[ more ]