On Fri, Sep 26, 2014 at 2:01 PM, Tom Perrine <[email protected]> wrote:
> seem to recall some info from yesterday that the example on escape > to shell that's in the PHP book is vulnerable. > If run via cgi or fastcgi/cgi, very probably. Via mod_php, are there significant envars or does the context come from somewhere else? (It should have reasonably direct access to Apache's state instead of needing envars... but then again, it *is* php-related.) -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
