Technique
- • Attacker changes value of our variable
- • Usually with register_globals
- • Also from included files
Risks
- • Unauthorized gain of access rights
- • SQL injection
- • ...
- • Initialize variables
- • For the sake of security
- • Separation of included files
Defense
- • Initialize all variables
- • Turn off register_globals
- • Access outside data through $_GET and co.
- • Errors E_NOTICE detect some problems
- • Warns also about working with non-existing keys of initialized array
- • Doesn't warn about adding elements to uninitialized array
Tasks
- • Fool page with wrong initialization if register_globals is enabled
- • Fool page with wrong array initialization hoping that E_NOTICE will save its live
