To get around this, I made a small shell script which runs as root.  The php
page calls the script via the system call.  All the shell script does is
move a specific file from tmp to a specific location.

I'm probably asking for someone to exploit it, but I don't know exactly what
they can do.


PHP Database Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to