Andrew Thomas wrote:
> 
> Quite nifty, but I do have one concern - there is a demo of it in operation
> on the site which allows you to enter an IP to scan, and pushes the results
> back to you. The mild discomfort comes from the fact that this adds just
> another way to scan systems both anonymously and easily.

I'm not really familiar with PHP, but I doubt that it has any built-in
checking for validity of user input, so doing

        popen('/usr/local/bin/nmap '.$ip.' >> '.$iplog.'', "w");

where $ip is a user-supplied parameter looks like a tremendously bad
idea if one cares about the security of the web server that is running
this code.

-paul
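
A hardened counterpart to the quoted popen() call, as an added example that is not part of the original post or the demo site's code. It assumes PHP 7.4+ (array form of proc_open); the function names and the log path are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: accept only a literal IP address, then run nmap without a shell.
// Assumptions: PHP 7.4+, nmap at the path quoted in the post, hypothetical log path.

const NMAP = '/usr/local/bin/nmap';

/** Return the address if $input is a literal IPv4/IPv6 address, otherwise null. */
function validated_ip(string $input): ?string
{
    $ip = filter_var($input, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;   // use the filter's return value, not the raw input
}

/** Scan one address and append nmap's output to $logPath. False on rejection or failure. */
function scan_to_log(string $input, string $logPath): bool
{
    $ip = validated_ip($input);
    if ($ip === null) {
        return false;                    // reject; do not try to "clean" the string
    }
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', $logPath, 'a'],    // replaces the shell redirection ">> $iplog"
        2 => ['file', '/dev/null', 'w'],
    ];
    // Array form: the program is executed directly, so no /bin/sh parses the arguments.
    $proc = proc_open([NMAP, $ip], $spec, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    return proc_close($proc) === 0;
}

// Constructed inputs: only the first two are literal addresses.
$samples = ['192.0.2.10', '2001:db8::1', '192.0.2.10; echo x', 'example.test', ''];
foreach ($samples as $in) {
    $verdict = validated_ip($in) === null ? 'rejected' : 'accepted';
    printf("%-24s %s\n", var_export($in, true), $verdict);
}

// To run a scan for real (hypothetical log path):
// scan_to_log($_GET['ip'] ?? '', '/var/log/nmap-demo.log');
```

Validation and shell avoidance are independent layers: the first limits what reaches nmap, the second means that even an unexpected string is passed as a single argument rather than interpreted as shell syntax.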