====== Global Variable Attack ======

Using HTTP GET/POST parameters to inject arbitrary values into uninitialized global variables in a PHP script. Generally this vulnerability is not a major threat anymore, as most webmasters have "register globals" off by default and PHP ships with them off.

===== Exploited Vulnerability =====

  * [[security:functions:request_functions|Security sensitive request functions]].
  * [[security:risk:global_variable|Global Variable Vulnerability]]

===== Remedy =====

  * **Turn register globals off**.
  * Don't use global variables.
  * Encase your code in functions and methods.
  * Always declare a default value for a global variable in global scope before any other code is executed.

===== Additional Information =====

  * [[http://www.php.net/manual/en/security.registerglobals.php|Register Globals]]
  * See [[security:web_application_security|web application security]] and [[catalog|security attacks catalog]].
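
The injection described above and the "declare a default value" remedy, side by side, as an added example (not code from this wiki or from the PHP manual). The function names, the ''authorized'' parameter and the sample requests are constructed for illustration, and ''extract()'' is an assumption standing in for register globals, which was removed in PHP 5.4.

```php
<?php
// Added illustration. register_globals was removed in PHP 5.4, so extract()
// on a request array stands in for it: each request parameter becomes a
// variable in scope before the page logic runs. EXTR_SKIP keeps the function's
// own parameters from being overwritten.

// Vulnerable: $authorized is assigned only on the success path, so after a
// failed login it still holds whatever the request supplied.
function vulnerable_page(array $request, bool $loginOk): string
{
    extract($request, EXTR_SKIP);
    if ($loginOk) {
        $authorized = true;
    }
    return !empty($authorized) ? 'admin panel' : 'access denied';
}

// Remedy from the list above: give the variable a default value before any
// other code runs, which overwrites anything injected from the request.
function hardened_page(array $request, bool $loginOk): string
{
    extract($request, EXTR_SKIP);
    $authorized = false;
    if ($loginOk) {
        $authorized = true;
    }
    return $authorized === true ? 'admin panel' : 'access denied';
}

// Constructed sample requests (hypothetical parameter name "authorized").
$requests = [
    'normal request'    => [],
    'injected variable' => ['authorized' => '1'],
];

foreach ($requests as $label => $request) {
    printf(
        "%-18s vulnerable: %-14s hardened: %s\n",
        $label,
        vulnerable_page($request, false),
        hardened_page($request, false)
    );
}
```

Both calls pass a failed login, so any difference between the two columns comes only from the request-supplied variable surviving into the authorization check.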