

SECURITY VULNERABILITY
Authored by: prnl on Jan 21, '09 09:58:19AM

Please don't! This lame code allows anybody to execute any shell command they want! (attacker can remotely take over your machine)

To be secure, every use of variable data in shell arguments MUST be filtered using escapeshellarg() command. Shell-specific escapes are necessary, as PHP's magic_quotes (and addslashes()) is not sufficient for shell.



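The difference the comment above describes between addslashes() and escapeshellarg(), as an added example that is not part of the original comment or the hint it replies to. The helper names and input values are constructed for illustration, and a POSIX `/bin/sh` is assumed.

```php
<?php
// Added example: hypothetical helpers, constructed inputs, POSIX shell assumed.

// addslashes() escapes only ' " \ and NUL. Shell metacharacters such as
// ; $ ( ) and backticks pass through unchanged.
function build_with_addslashes(string $name): string
{
    return 'echo ' . addslashes($name);
}

// escapeshellarg() wraps the value in single quotes and escapes embedded
// single quotes, so the shell receives exactly one literal argument.
function build_with_escapeshellarg(string $name): string
{
    return 'echo ' . escapeshellarg($name);
}

// Runs the command and reports whether the shell treated the value as data:
// a literal argument is echoed back byte for byte.
function passed_literally(string $cmd, string $input): bool
{
    $out = [];
    exec($cmd, $out);
    return implode("\n", $out) === $input;
}

// Constructed values; each carries a harmless marker command.
$inputs = [
    'a.txt; echo INJECTED',
    'a.txt $(echo INJECTED)',
    'a.txt `echo INJECTED`',
];

foreach ($inputs as $input) {
    foreach (['build_with_addslashes', 'build_with_escapeshellarg'] as $builder) {
        $cmd = $builder($input);
        printf(
            "%-26s %-34s %s\n",
            $builder,
            $cmd,
            passed_literally($cmd, $input) ? 'literal argument' : 'SHELL INTERPRETED INPUT'
        );
    }
}
```

With addslashes() every input is interpreted by the shell; with escapeshellarg() each one is echoed back unchanged.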