From: Paul Macdonald
Date: Wed, 23 Mar 2011 17:14:56 +0000
To: Gary Kline
Cc: FreeBSD Mailing List
Subject: Re: why does this simple counter fail?
Message-ID: <4D8A2A90.4040407@ifdnrg.com>
In-Reply-To: <20110323164504.GA25317@thought.org>

On 23/03/2011 16:45, Gary Kline wrote:
> Guys,
>
> Can any of you php hackers tell me why this simple self-hacked
> counter bomb?
>
> appended.
>
> tia.

$file doesn't look to be set anywhere.

If it's a web script (as opposed to cmd line cli) then it's probably passed as a POST or GET variable. register_globals needs to be on for this variable to be auto set.

If the form is submitted via POST, change script to:

    $directory="./countdir/";
    $file=$_POST['file'];
    ....

If the form is submitted via GET (you'd see the file=variable in the address bar), change script to:

    $directory="./countdir/";
    $file=$_GET['file'];
    ....

Of course you want to sanitise this $file variable so that it can't be hacked.

-- 
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07534206249
e: paul@ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
-------------------------
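
One way to do the sanitising mentioned at the end of the reply above, shown as an added example that is not part of the original message or of Gary's script. The function name counter_path(), the ".cnt" suffix, the 64-character limit and the temporary directory are assumptions made for illustration; in the script the directory would be "./countdir/" and the input would come from $_GET['file'] or $_POST['file'].

```php
<?php
// Added example: validate a request-supplied counter name before it is
// joined to the counter directory. counter_path() is a hypothetical helper.

function counter_path(string $directory, $name): ?string
{
    // Request parameters can arrive as arrays (file[]=x); accept strings only.
    if (!is_string($name)) {
        return null;
    }
    // Allowlist: letters, digits, underscore, hyphen, 1 to 64 characters.
    // This excludes "/", "\", ".", NUL bytes and the empty string in one check,
    // so "../" traversal and absolute paths never reach the filesystem.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // Resolve the base directory so the final path is absolute.
    $base = realpath($directory);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Fixed suffix (assumed): the caller never controls the file extension.
    $path = $base . DIRECTORY_SEPARATOR . $name . '.cnt';
    // Refuse symlinks planted inside the counter directory.
    if (is_link($path)) {
        return null;
    }
    return $path;
}

// Constructed sample inputs standing in for $_GET['file'] / $_POST['file'].
$directory = sys_get_temp_dir() . '/countdir';
if (!is_dir($directory)) {
    mkdir($directory, 0700);
}
$samples = ['index', 'news-2011', '../../etc/passwd', 'a/b', "x\0.php", '', ['x']];
foreach ($samples as $candidate) {
    $path = counter_path($directory, $candidate);
    printf("%-24s => %s\n",
        json_encode($candidate, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'accepted');
}
```

Only the first two samples are accepted; a rejected name should end the request before any file is opened or written.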