Hi,

I created a script to view the source of PHP files. Now I don't want the whole world to know my MySQL and other passes he, so I found a security hole in the script I wrote. I call it like this:

http://www.mydomain.com/source.php?file_name=myfile.php

Now I have a file called "dbinfo.php"; this file contains my MySQL pass, and I found that if you call the script like this:

http://www.mydomain.com/source.php?file_name=DbInfo.php

the whole source code, including my pass, is visible!!!!

Is PHP capable of removing the uppercase characters so DbInfo becomes dbinfo, which is blocked? Already tried with strtolower() but no luck.

Help! Here you have the source.

Regards,
Erik

-- 
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
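
Added example (not Erik's script, which is not included in the message): a blocklist of secret file names depends on how the filesystem treats letter case, while an allowlist of viewable files refuses every name that is not listed. The shape of the weak check, the case-insensitive filesystem, the demo directory and the function names are assumptions.

```php
<?php
// Weak check (assumed shape of the original): a case-sensitive blocklist.
// On a case-insensitive filesystem "DbInfo.php" opens dbinfo.php, yet the
// string does not equal the blocked name, so the request passes.
function is_blocked_weak(string $name): bool
{
    return in_array($name, ['dbinfo.php'], true);
}

// Hardened check: only names on an allowlist are ever shown.
// Returns the real path to display, or null when the request is refused.
function resolve_viewable(string $name, string $baseDir, array $allowed): ?string
{
    // Exact match against the allowlist; a name that is not listed never
    // reaches the filesystem, whatever its letter case.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // The resolved file must sit directly in the base directory, so a
    // symlinked entry cannot point the viewer somewhere else.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path; // safe to hand to highlight_file()
}

// Constructed demo data: one viewable file and one secrets file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'srcview_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/myfile.php', "<?php echo 'hello';");
file_put_contents($dir . '/dbinfo.php', "<?php \$pass = 'constructed-placeholder';");

$allowed = ['myfile.php'];
foreach (['myfile.php', 'dbinfo.php', 'DbInfo.php'] as $req) {
    printf(
        "%-11s weak blocklist: %-8s allowlist: %s\n",
        $req,
        is_blocked_weak($req) ? 'blocked' : 'passes',
        resolve_viewable($req, $dir, $allowed) === null ? 'refused' : 'served'
    );
}
```

Keeping the credentials file outside the directory the viewer can read removes the exposure even if the check is wrong.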