Zend PHP 5.3 Certification Exam


  • Question 27/35

    Consider the PHP program (which includes a file specified by request):

    
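    <?php
       // Default page, overridden by the COLOR request parameter
       $color = 'blue';
       if (isset( $_GET['COLOR'] ) )
           $color = $_GET['COLOR'];
       // Include the file named by the request
       require( $color . '.php' );
    ?>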
    
    <form method="get">
         <select name="COLOR">
            <option value="red">red</option>
            <option value="blue">blue</option>
         </select>
         <input type="submit">
    </form>
    
    A malicious user injects the following command:
    
    /vulnerable.php?COLOR=C:\\notes.txt%00
    
    where vulnerable.php is a remotely hosted file containing an exploit. What does the malicious user want to do?