Vulnerability Development mailing list archives
Re: PHP and SCRIPT_NAME variable
From: contact () eder-harald com
Date: 21 Feb 2006 22:00:18 -0000
Hi, as far as I know the elements of the $_SERVER array are filled by the webserver and therefore a manipulation through a php trick might by difficult.
From my opinion it will be easier to alter this values through a trick on the webserver for instance by using a bug in Apache but I do not know about any which might do this.
Anyway, its quite a interesting point of view because many php scripts use the $_SERVER['REMOTE_ADDR'] value for their session management und maybe some other array items too. But it would be also quite interesting if php uses the items of this array to do something or if its just an array with no effect for the php scripts. Does anybody know more about this?
Current thread:
- PHP and SCRIPT_NAME variable Roman Medina-Heigl Hernandez (Feb 21)
- <Possible follow-ups>
- Re: PHP and SCRIPT_NAME variable contact (Feb 21)
- Message not available
- Re: PHP and SCRIPT_NAME variable Harald Eder (Feb 22)
- Re: PHP and SCRIPT_NAME variable Serg Belokamen (Feb 23)
- Re: PHP and SCRIPT_NAME variable Roman Medina-Heigl Hernandez (Feb 23)
- Message not available