From: mb_deris at yahoo dot com Operating system: WIN 7 PHP version: 5.3.18 Package: Program Execution Bug Type: Bug Bug description:exec can create file without using any program
Description: ------------ this code has not any problem: exec('C:/mysql/bin/mysqldump.exe --user=root --password=123456 --host=localhost mydb > D:\myfile.sql'); but this: exec('mydb > D:\myfile.sql'); is any program executed in this? but it create the file with 0byte so now you can create any type of files exec('mydb > D:\myfile.php'); exec('mydb > D:\myfile.exe'); exec('mydb > D:\myfile.txt'); Test script: --------------- exec('mydb > D:\myfile.php'); exec('mydb > D:\myfile.exe'); exec('mydb > D:\myfile.txt'); -- Edit bug report at https://bugs.php.net/bug.php?id=63551&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=63551&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=63551&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=63551&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=63551&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=63551&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=63551&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=63551&r=needscript Try newer version: https://bugs.php.net/fix.php?id=63551&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=63551&r=support Expected behavior: https://bugs.php.net/fix.php?id=63551&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=63551&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=63551&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=63551&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63551&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=63551&r=dst IIS Stability: https://bugs.php.net/fix.php?id=63551&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=63551&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=63551&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=63551&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=63551&r=mysqlcfg