Difference between revisions of "PHP File Inclusion"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
{{Template:Stub}}
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
{{Template:Stub}}
 
  
 +
__TOC__
  
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
+
[[ASDR Table of Contents]]
  
  
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
 
 
[[ASDR Table of Contents]]
 
__TOC__
 
  
 
[[Category:FIXME|Stub article, needs review]]
 
[[Category:FIXME|Stub article, needs review]]
 
+
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
  
 
==Description==
 
==Description==
Line 95: Line 92:
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
 
[[Category:PHP]]
 
[[Category:PHP]]
 +
[[Category:Vulnerability]]

Revision as of 09:50, 5 November 2008

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Contents


ASDR Table of Contents


Last revision (mm/dd/yy): 11/5/2008

Description

PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.

Risk Factors

TBD


Examples

<?PHP include '/path/filename.php'; include_once 'path/filename.class.php'; require '../path/filename.inc'; require_once 'filename.inc.php'; ?>

Related Attacks

  • Remote file inclusion using variables from the request POST or GET


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg: