This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "PHP File Inclusion"
From OWASP
| Line 1: | Line 1: | ||
| + | {{Template:Stub}} | ||
{{Template:Vulnerability}} | {{Template:Vulnerability}} | ||
| − | |||
| + | __TOC__ | ||
| − | [[ | + | [[ASDR Table of Contents]] |
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| − | |||
| − | |||
| − | |||
| − | |||
[[Category:FIXME|Stub article, needs review]] | [[Category:FIXME|Stub article, needs review]] | ||
| − | + | [[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]] | |
==Description== | ==Description== | ||
| Line 95: | Line 92: | ||
[[Category:OWASP ASDR Project]] | [[Category:OWASP ASDR Project]] | ||
[[Category:PHP]] | [[Category:PHP]] | ||
| + | [[Category:Vulnerability]] | ||
Revision as of 14:50, 5 November 2008
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 11/5/2008
Description
PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.
Risk Factors
TBD
Examples
<?PHP include '/path/filename.php'; include_once 'path/filename.class.php'; require '../path/filename.inc'; require_once 'filename.inc.php'; ?>
Related Attacks
- Remote file inclusion using variables from the request POST or GET
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
