1 (edited by Engel_512 2012-11-09 6:15:35 PM)

Topic: RFI attack

Hi all,

I'm not sure if anybody wrote about that problem but for me it's pretty new.....
in my error_log I've seen PHP Warning: 

parse_url(/?http://www.ergunpneus.be/help/log) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in /home/q99385qp/public_html/xajax/xajax_core/xajaxAIO.inc.php on line 543

so I thought, I'll  check what it is

How to reproduce this issue : just call the website where you use xajax and do not use any argument but just force detecting URI:


Pls let me inform - maybe I missed something - but some function shall stop theirs workflow, isn't ?!

How to make the code safer !?

Re: RFI attack

yep str_replace solved problem

see : http://community.xajaxproject.org/topic … efect-xss/