#1 Security hazard

open
nobody
None
5
2003-05-06
2003-05-06
Marc Noirot
No

The showsrc script doesn't filter filenames passed as
the $src parameter, which can allow anyone to read all
files on the webserver accessible to the user context in
which PHP runs.

Here is an example of a URL that allows anyone to display the source of the PHP page itself:

http://showsrc.sourceforge.net/showsrc/showsrc.php?src=showcrc.php

This is potentially harmful because anyone could access sensitive information on the server.
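As an added illustration (not the showsrc project's own code), here is the unsafe pattern the report describes next to a hardened version that confines reads to one directory. The function names, `SOURCE_ROOT` and the restriction to `.php` files are assumptions for this example.

```php
<?php
// Added example, not the showsrc project's code. Function names and the
// SOURCE_ROOT directory are assumptions for illustration.

// Vulnerable pattern from the report: the request parameter is used directly
// as a filename, so any file readable by the PHP user can be displayed.
function show_source_unsafe(string $src): void
{
    highlight_file($src);
}

// Hardened version: resolve the requested name against a fixed directory and
// refuse anything that does not resolve to a regular .php file inside it.
const SOURCE_ROOT = '/var/www/showsrc/sources'; // assumed location

function resolve_source(string $src): ?string
{
    // Reject empty names, NUL bytes and characters outside a plain allowlist.
    if ($src === '' || strpos($src, "\0") !== false) {
        return null;
    }
    if (!preg_match('~^[A-Za-z0-9_./-]+$~', $src)) {
        return null;
    }
    $root = realpath(SOURCE_ROOT);
    $path = realpath(SOURCE_ROOT . '/' . $src);
    if ($root === false || $path === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks, so the prefix check on the
    // canonical path is what actually enforces the directory boundary.
    if (strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    if (!is_file($path) || pathinfo($path, PATHINFO_EXTENSION) !== 'php') {
        return null;
    }
    return $path;
}

function show_source_safe(string $src): void
{
    $path = resolve_source($src);
    if ($path === null) {
        http_response_code(404);
        echo 'No such source file.';
        return;
    }
    highlight_file($path);
}

show_source_safe($_GET['src'] ?? '');
```

Logging rejected requests in `resolve_source()` gives a simple detection signal for probing of the `src` parameter.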
