Hello, I registered with a beta-stage advertising system which wants me to add their code to my website:

    define('XY_USER', 'dg6z247h5hj8d9s7gh3l2.54lo5f');
    require_once($_SERVER['DOCUMENT_ROOT'].'/'.XY_USER.'/script.php');
    $xy = new SeolinkClient();
    echo $xy->return_links();

I want to ask how they can abuse my site if they add some malicious code to their script.php file. Can they get my MySQL credentials or even hosting account login details? Can they somehow harm my site visitors? Thank you
I mean they could basically include anything that they would like if they wanted, so sure, full access to your files and mysql.
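
An added example, not part of either post and not the ad network's code: one way to limit the exposure discussed above is to load script.php only while it is byte-identical to a copy you have read, and to rebuild whatever it returns as plain links before it reaches visitors. The hash check detects changes to the file but does not sandbox it, since an included script still runs with the site's own privileges. Assumptions: `REVIEWED_SHA256` is a placeholder you fill in, `vendor_script_unchanged()` and `safe_links()` are hypothetical helper names, and `return_links()` is assumed to return an HTML string.

```php
<?php
// Added example, not the ad network's code. Assumed: the path layout from the
// question, that return_links() returns an HTML string, and a placeholder hash.
define('XY_USER', 'dg6z247h5hj8d9s7gh3l2.54lo5f');
const REVIEWED_SHA256 = 'PLACEHOLDER_SHA256_OF_THE_SCRIPT_YOU_REVIEWED';

/** True only if the file on disk is byte-identical to the reviewed version. */
function vendor_script_unchanged(string $path, string $expected): bool
{
    $actual = is_file($path) ? hash_file('sha256', $path) : false;
    return $actual !== false && hash_equals(strtolower($expected), $actual);
}

/** Rebuild vendor HTML as plain http(s) text links and drop everything else. */
function safe_links(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate sloppy markup quietly
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $out = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        $href = trim($a->getAttribute('href'));
        $text = trim($a->textContent);
        if ($text === '' || !preg_match('#^https?://#i', $href)) {
            continue; // drops javascript:, data:, relative and empty links
        }
        $out[] = '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
               . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
    }
    return implode(' ', $out); // scripts, iframes and event handlers are not copied
}

$path = $_SERVER['DOCUMENT_ROOT'] . '/' . XY_USER . '/script.php';
if (vendor_script_unchanged($path, REVIEWED_SHA256)) {
    require_once $path; // still runs with full access to your files and database
    $xy = new SeolinkClient();
    echo safe_links((string) $xy->return_links());
} else {
    error_log('ad script missing or changed since review; not loaded');
    if (PHP_SAPI === 'cli') {
        // Constructed hostile sample, to show what the filter lets through.
        echo safe_links('<a href="https://example.com/">ok</a><script>x()</script>'
            . '<a href="javascript:x()" onclick="x()">bad</a>'), PHP_EOL;
    }
}
```

The hash covers only script.php itself, so any further files it includes need the same review and pinning.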