Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PHP and SCRIPT_NAME variable

From: contact () eder-harald com
Date: 21 Feb 2006 22:00:18 -0000
Hi,

as far as I know the elements of the $_SERVER array are filled by the webserver and therefore a manipulation through a 
php trick might by difficult.


From my opinion it will be easier to alter this values through a trick on the webserver for instance by using a bug in 
Apache but I do not know about any which might do this.


Anyway, its quite a interesting point of view because many php scripts use the $_SERVER['REMOTE_ADDR'] value for their 
session management und maybe some other array items too.

But it would be also quite interesting if php uses the items of this array to do something or if its just an array with 
no effect for the php scripts. Does anybody know more about this?
Previous By Date Next
Previous By Thread Next

Current thread: