first hi all whast up ?!!!!!! second sorry for my englisht is not my mother language i`m new in PHP programmng and i have problem with RFI (Remote Fle Inclusion) exemple index.php Code: <?php $i= "index2"; include("index1.php"); $b="1"; $p= $b + $d; echo $p; ?> index1php Code: <?php $f="4"; include($i.".php"); $d= $f + $s ; ?> index2php Code: <?php $s="5"; ?> it cen be exploit in this way http://www.site.com/index1.php?i=[phpshell_pth]? i wont to stop RFI how can I
Note that 'HTTP_REFERER' is set by the user agent, if at all, and can't be trusted. Rely on your server and its permission mechanisms.