Ruslan Sivak wrote on Wed, 30 Apr 2008 10:29:25 -0400:
And inside index.php it does something like
<? include($_GET['page'].".php") ?>
This is a gross simplification, but it's my understanding that if the file was named 'foo.php' and someone typed in
did you mean page=Foo ?
I hope that was really just an example. If you take that input unchecked and include other files with it, your security is non-existent.
It would still work on Windows, but not on Linux because of case sensitivity.
Simple: downcase all variable input that you need for further processing.
If it's not external input, but your application simply does not differentiate between cases and sometimes includes "Somepage.php" and sometimes "somepage.php", that is really bad programming and it's also easily solved by a find/replace. Nothing big.
Kai
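
An added example, not part of the original message: one way to handle the `page` parameter discussed above, combining the lower-casing suggested in the reply with an allowlist so the request value itself never reaches `include`. The page names, the `pages/` directory and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example; PAGES, pages/ and resolve_page() are hypothetical names.
declare(strict_types=1);

// Allowlist: lower-case page key => file name exactly as stored on disk.
const PAGES = [
    'home'    => 'home.php',
    'foo'     => 'foo.php',
    'contact' => 'contact.php',
];

/**
 * Map a user-supplied page name to a file path, or null if it is not allowed.
 */
function resolve_page($input, string $baseDir): ?string
{
    // ?page[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($input)) {
        return null;
    }
    // Normalise case so "Foo" and "foo" resolve identically on Windows and Linux.
    $key = strtolower($input);
    // Only exact allowlist keys pass, so path separators, "..", NUL bytes
    // and stream wrappers can never match.
    if (!array_key_exists($key, PAGES)) {
        return null;
    }
    // The path is built from the allowlist value, not from the request.
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$key];
}

$file = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
if ($file === null || !is_file($file)) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```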