-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I like received variables POST and send to KSH script.
But it seems that in OpenBSD 5.6 and php-fpm.
exec() and exec_shell() not working.
Could anyone help me?
This link explain in detail what I've tried.
http://serverfault.com/questions/695703/
On Sun, May 31, 2015 at 09:35:36PM -0500, Okupandolared wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> I like received variables POST and send to KSH script.
>
> But it seems that in OpenBSD 5.6 and php-fpm.
>
> exec() and exec_shell() not working.
>
> Could anyone help me?
>
>
does not exist,
so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
that try "ls" and "/bin/ls" and "/var/www/bin/ls"
and it does not work,
"/bin/ls" exist
"/var/www/bin/ls" exist
thanks
On 05/31/15 19:43, Zé Loff wrote:
> On Sun, May 31, 2015 at 09:35:36PM -0500, Okupandolared wrote:
>>
On Sun, 31 May 2015 22:20:17 -0500 Okupandolared wrote:
> does not exist,
>
> so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
>
> that try "ls" and "/bin/ls" and "/var/www/bin/ls"
>
> and it does not work,
> "/bin/ls" exist
> "/var/www/bin/ls" exist
>
> thanks
>
> On 05/31/15 19:43,
On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote:
> On Sun, 31 May 2015 22:20:17 -0500 Okupandolared wrote:
> > does not exist,
> >
> > so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
> >
> > that try "ls" and "/bin/ls" and "/var/www/bin/ls"
> >
> > and it does not work,
Corrected for typos. What I'd just Emailed was without any coffee...
On Mon, Jun 01, 2015 at 06:05:28AM -0400, Josh Grosse wrote:
> Also, in a chrooted filesystem, every dynamically linked executable needs
> access
> to ld.so and its shared libraries. Which means /var/www/usr/lib and
> /var/
On Mon, 1 Jun 2015 06:05:28 -0400 Josh Grosse wrote:
> On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote:
> > On Sun, 31 May 2015 22:20:17 -0500 Okupandolared wrote:
> > > does not exist,
> > >
> > > so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
> > >
> > > that try "ls
Everyone is missing the bigger picture here:
Why is a PHP script calling the shell? 9 times out of 10, that's a bad idea
and things should be redesigned so that it's not needed.
---
âLanie, Iâm going to print more printers. Lots more printers. One for
everyone. Thatâs worth going to jail fo
Hi,
I have an web form.
I need send of webform to script bash
webform.html --> PHP proces --> create.sh
create.sh
#!/bin/ksh
# Create user
echo "hi!! your pass $1"
crypted="$(echo -n "$1" | smtpctl encrypt )"
maildir="$3/$2/"
echo -e "$2@$3" >> recipients
echo -e "$2@$3\t$crypted" >> credentia
On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
> Hi,
>
> I have an web form.
>
> I need send of webform to script bash
>
> webform.html --> PHP proces --> create.sh
>
> create.sh
> #!/bin/ksh
> # Create user
>
> echo "hi!! your pass $1"
> crypted="$(echo -n "$1" | smtpctl encry
On 01/06/15 18:49, Okupandolared wrote:
> Hi,
>
> I have an web form.
>
> I need send of webform to script bash
>
> webform.html --> PHP proces --> create.sh
>
> create.sh
> #!/bin/ksh
> # Create user
>
> echo "hi!! your pass $1"
> crypted="$(echo -n "$1" | smtpctl encrypt )"
> maildir="$3/$2/
Why on earth are you using the shell to insert into MySQL?
I would redesign this whole setup under the guidance of someone more
experienced to be honest, there's MANY mistakes you're making here, and
thus likely other mistakes
---
âLanie, Iâm going to print more printers. Lots more printers.
Really you could use php to insert into mysql,
but as I need to run ejabberdctl and smtpdctl.
I thought it would do everything from bash
I have no idea how it could call smtpctl from php, maybe you go look at
python.
On 06/01/15 10:09, Gareth Nelson wrote:
> Why on earth are you using the shell
my domain is:
',); DROP mails;--
Sanitise your inputs
---
âLanie, Iâm going to print more printers. Lots more printers. One for
everyone. Thatâs worth going to jail for. Thatâs worth anything.â -
Printcrime by Cory Doctrow
Please avoid sending me Word or PowerPoint attachments.
See htt
This was an example I wrote this email really is not implemented anywhere.
But thanks for observation.
If I decide to put it online. "think of this security issue?
On 06/01/15 10:20, Gareth Nelson wrote:
> my domain is:
> ',); DROP mails;--
>
> Sanitise your inputs
>
> ---
> “Lanie, I’m going
Hi,
Just to report how it is a bad idea... at least two sql injection and
one shell injection in your files.
On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
> Hi,
>
> I have an web form.
>
> I need send of webform to script bash
>
> webform.html --> PHP proces --> create.sh
>
>
thank you all for the support,
I think in another way, as well sanitize my form.
maybe python goes outside the chroot.
Thanks again
On 06/01/15 10:21, Sebastien Marie wrote:
> Hi,
>
> Just to report how it is a bad idea... at least two sql injection and
> one shell injection in your files.
>
If you made these mistakes you'll have made others - get guidance from
someone who knows what they're doing and have them audit your whole system.
---
âLanie, Iâm going to print more printers. Lots more printers. One for
everyone. Thatâs worth going to jail for. Thatâs worth anything.â -
On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
> Hi,
>
> I have an web form.
>
> I need send of webform to script bash
>
> webform.html --> PHP proces --> create.sh
>
> create.sh
> #!/bin/ksh
> # Create user
>
> echo "hi!! your pass $1"
> crypted="$(echo -n "$1" | smtpctl encry
19 matches
Mail list logo
