gilabean
asked on
Remote access scripts to steal variables
Hello,
I am wondering if the following hacking method is possible to attack a website?
a) a direct include of php script remotely
b) print out all variables as if a normal include
Scenerio:
<?php
include('http://sometestserver.com/login.php');
echo '<pre>';
print_r(get_defined_vars() );
echo '</pre>';
?>
Can this be possible? -or are there other alternative? using socket perhaps?
The danger here is the possiblity of exposing my db. Cause many of my project sql stmt are stored in a variable. Eg. $sql_var = " SELECT this_field1, this_field2 FROM that_table". By using print_r(get_defined_vars() ), can all my data be exposed?
Reason for this question is I would like to know ways to protect my data from exposed to hackers.
Kindly advise.
Thank you..
I am wondering if the following hacking method is possible to attack a website?
a) a direct include of php script remotely
b) print out all variables as if a normal include
Scenerio:
<?php
include('http://sometestserver.com/login.php');
echo '<pre>';
print_r(get_defined_vars()
echo '</pre>';
?>
Can this be possible? -or are there other alternative? using socket perhaps?
The danger here is the possiblity of exposing my db. Cause many of my project sql stmt are stored in a variable. Eg. $sql_var = " SELECT this_field1, this_field2 FROM that_table". By using print_r(get_defined_vars()
Reason for this question is I would like to know ways to protect my data from exposed to hackers.
Kindly advise.
Thank you..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm just wondering how can we set the files to be shared over remote includes? I just want to double check whether my server is vulnerable to this kind of attack or not.