Bugtraq mailing list archives
Re: php mail function bypass safe_mode restriction
From: Jon Ribbens <jon+bugtraq () unequivocal co uk>
Date: Thu, 19 Jul 2001 20:05:45 +0100
Laurent Sintes <sintes () nfrance com> wrote:
extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4])); But it is not a suffisant check because php_escape_shell_arg does not escape all charaters.
False. escape_shell_arg will successfully escape all characters from shells.
Current thread:
- php mail function bypass safe_mode restriction Laurent Sintes (Jul 18)
- Re: php mail function bypass safe_mode restriction Salim Gasmi (Jul 18)
- Re: php mail function bypass safe_mode restriction Laurent Sintes (Jul 19)
- <Possible follow-ups>
- Re: php mail function bypass safe_mode restriction Laurent Sintes (Jul 19)
- Re: php mail function bypass safe_mode restriction Jon Ribbens (Jul 19)
- Re: php mail function bypass safe_mode restriction Stuart Moore (Jul 19)
- Re: php mail function bypass safe_mode restriction Salim Gasmi (Jul 18)