
Can someone execute a php function in my library but not called on the viewed page?

Let's say I have a php file, test.php with 2 functions: test1() and test2().

I have an external PHP file, index.php, with include(test.php) in its code. If the index.php file has a reference to test1() but not test2(), is there any way that someone would be able to execute test2() by doing something malicious while using the index.php file?

The only way they could execute arbitrary code is through a code injection vulnerability.

Here's an oversimplified example:

<?php

$runthis = $_GET["runthis"];

$runthis();

So an attacker could invoke your script as http://example.com/index.php?runthis=test2 and then it would run your test2() function.

Read more about code injection at the Wikipedia article I linked to above, or at the OWASP site.
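
The same kind of dispatch with an allowlist, so a request value can only select functions the page means to expose. This is an added example, not part of the original answer; `dispatch()` and `ALLOWED_ACTIONS` are hypothetical names, the sample inputs are constructed, and PHP 8 is assumed for the `mixed` type.

```php
<?php
// Stand-ins for the two functions in the question's test.php library.
function test1(): string { return "test1 ran"; }
function test2(): string { return "test2 ran"; }

// Allowlist: request value => function the page is meant to expose.
// test2() is deliberately absent, so no request value can reach it.
const ALLOWED_ACTIONS = [
    'test1' => 'test1',
];

/**
 * Resolve a request-supplied action name (hypothetical helper).
 * Returns the handler's output, or null when the name is not allowlisted.
 */
function dispatch(mixed $requested): ?string
{
    // Reject arrays (?runthis[]=x) and any other non-string input outright.
    if (!is_string($requested)) {
        return null;
    }
    // The user value only selects an allowlist entry; it is never itself
    // used as the callable, unlike $runthis() in the snippet above.
    if (!array_key_exists($requested, ALLOWED_ACTIONS)) {
        return null;
    }
    $handler = ALLOWED_ACTIONS[$requested];
    return $handler();
}

// Constructed sample inputs, as they might arrive in $_GET["runthis"].
$samples = ['test1', 'test2', 'phpinfo', ['test1'], ''];
foreach ($samples as $input) {
    $result = dispatch($input);
    printf("%-12s => %s\n", json_encode($input), $result ?? 'rejected');
}
```

Only the `test1` input produces output from a library function; every other sample, including `test2`, is rejected because it has no allowlist entry.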

When you say "using", do you mean like an end user in their browser? No, they can't run arbitrary code.
