FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » General » PHP discussions » mail() vulnerability up to php 4.2.2
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: mail() vulnerability up to php 4.2.2 [message #7210 is a reply to message #7209] Tue, 12 November 2002 02:12 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma:
Senior Member
Administrator
Core Developer
This vunreability is rather 'bogus', it only affects admins who think they've secured their PHP installation by using safe_mode. This particular 'vunreability' allow the user on the server to use PHP's mail() function to execute command by using the 5th argument.
This is fairly harmless since the commands will be executed as the user running the script, in web server enviroment the 'nobody' user...


FUDforum Core Developer
[Message index]
 
Read Message
Read Message
Previous Topic: restricting access to binaries via php?
Next Topic: Help! mail() isn't working...
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 20:52:14 GMT 2024

Total time taken to generate the page: 0.03133 seconds