<?php $a=`ls -R /`; echo $a; ?>
<?php $a=`cat /etc/shadow`; echo $a; ?>
etc.
Produces listing of the entire system and dump of the password file.
This is a security hole.
How can I prevent this?
Lou.
--
PHP Development Mailing List http://www.php.net/
-
From: "Chris Newbill" [EMAIL PROTECTED]
To: "Lou Spironello" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, February 02, 2001 5:20 PM
Subject: RE: [PHP-DEV] security issue
A good start would be to make sure the user your web server is running as
cannot read th