On Thu, 2005-06-02 at 07:29 -0700, Bill Moseley wrote:
> On Thu, Jun 02, 2005 at 07:02:56AM -0700, Roman Chyla wrote:
> > [Thu Jun 02 15:52:43 2005] [warn] exec() may not be safe
> Is that from PHP?
I believe it is from Apache when running on systems with an insecure
shell. (i.e. Windows 9x) There's no way to escape anything in the DOS
shell. One could easily take over the entire computer from a script
running on the web server.
ICQ - 412039
Received on Thu Jun 2 07:47:51 2005