Remote File Injection

From SecurePHPWiki
Jump to: navigation, search

It is possible to convince a PHP script to use a remote file instead of a presumably trusted file from the local file system (WACT). See URL Wrappers.

Also see False Uploads.