Hello,
I performed some tests using the backticks operator
and the system() call.
This is my.php:
<?
/*-----------------------------------------------------------*/
header("Pragma: no-cache"); // HTTP/1.0
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
?>
<HTML>
<head>
<title> uhmmmm </title>
</head>
<body>
I am
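<?
// Folder to list; backslashes are doubled inside the double-quoted string.
$fldr = "d:\\winnt";
// Print the account that the spawned command runs under.
system("g:\\cygwin\\bin\\whoami");
echo "<br>";
// Capture the listing; "%s" keeps a % in a file name from being read as a format directive.
$k = sprintf( "%s", `dir $fldr` );
// Escape angle brackets so entries such as <DIR> are shown by the browser.
$k = str_replace ("<", "&lt;", $k );
$k = str_replace (">", "&gt;", $k );
$k = str_replace ("\n", "<br>", $k );
echo "\$k = $k";
?>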
</body>
</html>
This is the output:
I am SYSTEM
$k = Volume in drive D is WIN2KSRV
Volume Serial Number is 58D7-73D6
Directory of d:\winnt
06/25/2003 05:36p <DIR> .
06/25/2003 05:36p <DIR> ..
05/30/2003 11:46a 21,107 Active Setup Log.txt
05/29/2003 05:14p <DIR> addins
05/29/2003 06:20p <DIR> Application Compatibility Scripts
05/30/2003 10:15a <DIR> AppPatch
12/07/1999 02:00p 1,272 Blue Lace 16.bmp
05/30/2003 04:40p <DIR> Cache
05/30/2003 01:40p 24,106 certocm.log
12/07/1999 02:00p 82,944 clock.avi
12/07/1999 02:00p 17,062 Coffee Bean.bmp
05/29/2003 04:27p 1,038 COM+.log
.....
and so on
My problem is that it works too much ;-)
because the SYSTEM account can read everywhere in my win partition.
Is it possible to have the command executed by the user
IUSR_machinename instead of SYSTEM ?
In this case I can set up proper rights in order to prevent access
to certain sensitive folders....
TIA, bye,
___________________________________________________________________
--
PHP General Mailing List (http://www.php.net/)
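A guard for the situation described in the post, as an added example that is not part of the original message: before shelling out, it asks a child process which account it runs as and refuses to continue when that account is SYSTEM or another privileged one. The function names, the list of privileged accounts and the default `whoami` command are assumptions; pass the full path to the `whoami` binary where it is not on the PATH.

```php
<?php
// Added example, not code from the original post.
// Assumptions: helper names, the account list, 'whoami' being on the PATH.
const PRIVILEGED_ACCOUNTS = ['system', 'localsystem', 'administrator', 'root'];

// Reduce "NT AUTHORITY\SYSTEM" or "MACHINE\user" to a bare lowercase account name.
function account_name(string $whoamiOutput): string
{
    $name = strtolower(trim($whoamiOutput));
    $pos = strrpos($name, '\\');
    return $pos === false ? $name : substr($name, $pos + 1);
}

// Fail closed: an empty or unparseable identity counts as privileged.
function is_privileged(string $whoamiOutput): bool
{
    $name = account_name($whoamiOutput);
    return $name === '' || in_array($name, PRIVILEGED_ACCOUNTS, true);
}

// Ask a child process who it is; system() and backticks spawn children the same way.
function spawned_identity(string $whoamiCmd = 'whoami'): string
{
    $lines = [];
    $status = 1;
    exec($whoamiCmd, $lines, $status);
    if ($status !== 0 || $lines === []) {
        throw new RuntimeException('cannot determine child-process identity');
    }
    return $lines[0];
}

// Run a fixed command (never one built from request data) only under an unprivileged account.
function guarded_shell(string $command, string $whoamiCmd = 'whoami'): string
{
    $who = spawned_identity($whoamiCmd);
    if (is_privileged($who)) {
        throw new RuntimeException("refusing to shell out as '$who'");
    }
    return (string) shell_exec($command);
}

// Constructed sample identities, not output captured from the poster's machine.
foreach (['SYSTEM', 'NT AUTHORITY\\SYSTEM', 'MACHINE\\IUSR_MACHINE'] as $sample) {
    printf("%-22s privileged=%s\n", $sample, is_privileged($sample) ? 'yes' : 'no');
}
```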