Table of Contents
Global Variable Attack
Using HTTP GET/POST parameters to inject arbitrary values into uninitialized global variables in a PHP script. Generally this vulnerability is not a major threat anymore as most webmasters have “register globals” off by default, and PHP ships with them off.
Exploited Vulnerability
Remedy
- Turn register globals off.
- Don’t use global variables.
- Encase your code in functions and methods.
- Always declare a default value for a global variable in global scope before any other code is executed.