kranium |
Regular user |

 |
|
Joined: Jun 27, 2004 |
Posts: 7 |
|
|
|
 |
 |
 |
|
hi folks
i've been studying php exploits, and recently i was watching waraxe-2004-SA#036 and found a thing that i don't understand....
you use an unitializated variable to inject some SQL, but my question is: doesn't 99,9% of hosts run without REGISTER_GLOBALS ON? I've tryed this exploit in a variaty of targets and worked 100%!!
Am I missing something? Or can I initializate a variable in a URL on a host without REGISTER_GLOBALS ON??
sorry my bad english, but I really can't understand this.. |
|