Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
how to create and write a file using url parameters
for example:
web.com/index.php?name=test.txt?input=halloworld
file name should be test.txt and its content must be halloworld.
this is what i have so far
if(isset($_GET['name']))
{
$File = $_GET['name'];
$Handle = fopen($File, 'w');
$Data = $_GET['input'];
fwrite($Handle, $Data);
fclose($Handle);
}
file output = test.txt?input=halloworld which is wrong
thank you.
Your error is in using ? instead of & in your url, it should be
web.com/index.php?name=test.txt&input=halloworldThat said you should never do things like this, because it’s extremely dangerous. In that way you’re exposing your server to any kind of attacks or defacing. An attacker could easily write a php file on your webserver and take control of it.
Keep that in mind.
Edit: I wrote it in question comment, but I rewrite it here, what if an attacker invoke your script with this parameters:
and then request the url
Your filesystem will be wiped out (if the user has privileges to do that). Other kind of attacks could be more subtle, one could inject a php shell in your server, and so on.