SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #1950

Back to the previous page... Back to the previous page

Test Case IDCandidate1950
Bad / Good / MixedBadBad test case
Author
Associations
Test suite: 31  
Added byRomain Gaucher
LanguagePHP
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2007-03-13
DescriptionThe test case exposes a PHP Include Vulnerability. The defense mechanism uses the Apache DOCUMENT_ROOT information to check that the included file is in your document root.
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-098: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') on line(s): 28