<?php $a=`ls -R` /; echo $a; ?>
<?php $a=`cat /etc/shadow`; echo $a; ?>
Produces listing of the entire system and dump of the password file.

This is a security hole.

How can I prevent this?


PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to