FUDforum: PHP discussions » mail() vulnerability up to php 4.2.2

Home » General » PHP discussions » mail() vulnerability up to php 4.2.2

Show: Today's Messages :: Polls :: Message Navigator

Re: mail() vulnerability up to php 4.2.2 [message #7210 is a reply to message #7209]

Tue, 12 November 2002 02:12

Ilia

Messages: 13241
Registered: January 2002

Karma:

Senior Member
Administrator
Core Developer

This vunreability is rather 'bogus', it only affects admins who think they've secured their PHP installation by using safe_mode. This particular 'vunreability' allow the user on the server to use PHP's mail() function to execute command by using the 5th argument.
This is fairly harmless since the commands will be executed as the user running the script, in web server enviroment the 'nobody' user...

FUDforum Core Developer

Report message to a moderator

[Message index]

		mail() vulnerability up to php 4.2.2 By: Olliver on Tue, 12 November 2002 01:51
		Re: mail() vulnerability up to php 4.2.2 By: Ilia on Tue, 12 November 2002 02:12

Previous Topic:	restricting access to binaries via php?
Next Topic:	Help! mail() isn't working...

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Nov 23 15:50:09 GMT 2024

Total time taken to generate the page: 0.03990 seconds