  1. #1

    Dangerous PHP functions

    What would constitute a dangerous PHP function?

  2. #2
    Join Date
    Feb 2003
    Location
    Southern California
    Posts
    42
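    I see this a lot, bad PHP coders out there...

    <?php
    // $path is taken straight from the query string...
    $path=$_GET['path'];

    // ...and passed to include() with no validation
    include("$path");
    ?>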

  3. #3
    Join Date
    Jul 2002
    Location
    Kuwait
    Posts
    10,573
    I think he meant dangerous PHP functions to disable for users?
    Bashar Al-Abdulhadi - KuwaitNET Internet Services Serving customers since 1997
    Kuwait's First Webhosting and Domain Registration provider - an ICANN Accredited Registrar

    Twitter: Bashar Al-Abdulhadi

  4. #4
    Join Date
    Sep 2002
    Location
    Western Canada
    Posts
    1,888
    phpinfo, system, chown, chmod, exec, passthru, readfile, dir, read, readdir

    YMMV

  5. #5
    dl , exec, passthru, proc_open, proc_close, shell_exec, system
    Like us on Facebook to qualify for discounts!
    http://www.sprintserve.net
    Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting |
    Services: | Managed Multiple Cores 64bit Servers | Server Management |

  6. #6
    Join Date
    Jul 2002
    Location
    Kuwait
    Posts
    10,573
    That would break a lot of nice software.

  7. #7
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    To stop most software attacks:

    system, exec, shell_exec, passthru
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  8. #8
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    Originally posted by thelinuxguy
    To stop most software attacks:

    system, exec, shell_exec, passthru
    While this sounds like a good idea, would disabling these functions break a lot of programs?

  9. #9
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Not many scripts use these functions, while a lot use these:

    readfile, dir, read, readdir

    such as phpMyAdmin

  10. #10
    SYSTEM

  11. #11
    You can't disable readfile, dir, read, readdir if you have nuke scripts in any of your accounts.

  12. #12
    Why disable all these?!

    Just use basedir and safe mode... and all these functions can't do harm :>
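
An added example, not part of the original thread: a small audit of a php.ini text that reports which command-execution functions named in posts #5 and #7 are still enabled, and which of the file functions that posts #9 and #11 say scripts depend on have been disabled. The sample ini content and the function names `parse_disable_functions` and `audit` are constructed for illustration; it assumes the text passed in is the php.ini that PHP actually loads.

```python
import re

# Command-execution functions named in posts #5 and #7 of the thread.
EXEC_FUNCS = {"dl", "exec", "passthru", "proc_open", "proc_close",
              "shell_exec", "system"}
# Names from post #4 that posts #9 and #11 say common scripts rely on.
COMPAT_FUNCS = {"readfile", "dir", "read", "readdir"}

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def parse_disable_functions(ini_text):
    """Return the set of names in the effective disable_functions directive."""
    value = ""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]        # drop php.ini ';' comments
        match = DIRECTIVE.match(line)
        if match:
            value = match.group(1)          # a later directive overrides an earlier one
    value = value.strip().strip("\"'")      # the value may be quoted
    return {name.strip() for name in value.split(",") if name.strip()}


def audit(ini_text):
    """Compare the directive against the two groups discussed in the thread."""
    disabled = parse_disable_functions(ini_text)
    return {
        # execution functions that scripts can still call
        "exec_still_enabled": sorted(EXEC_FUNCS - disabled),
        # disabled names likely to break applications, per posts #9 and #11
        "compat_risk": sorted(COMPAT_FUNCS & disabled),
    }


# Constructed sample input, not taken from any real server.
SAMPLE_INI = """\
[PHP]
; disable_functions = system   (commented out, must be ignored)
disable_functions = phpinfo, system
disable_functions = "system, exec, passthru, readfile ,readdir"
"""

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_INI).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```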
