Find the answer to your Linux question:
Results 1 to 2 of 2
Any discussion on the pro/cons of allowing php to use the exec funtion is welcome. Why would you want to ban it? What bad could a user do, isn't the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru
    Join Date
    Mar 2003
    Location
    Wisconsin
    Posts
    1,907

    exec


    Any discussion on the pro/cons of allowing php to use the exec funtion is welcome. Why would you want to ban it? What bad could a user do, isn't the code part of the html anyway? How would they modifiy to run a command, etc...

    Thanks all,
    Jeremy
    Registered Linux user #346571
    "All The Dude ever wanted was his rug back" - The Dude

  2. #2
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    1) upload a ready made exploit to my home directory
    2) run it (with exec, passthru, whatever)
    3) tada, a shell awaiting for me, instruct it to create an bash with SUID in my home directory
    4) the rest is left with your imagination .....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •