On Fri, Sep 26, 2014 at 2:01 PM, Tom Perrine <tom.perr...@gmail.com> wrote:

> seem to recall some info from yesterday that the example on escape
> to shell that's in the PHP book is vulnerable.
>

If run via cgi or fastcgi/cgi, very probably. Via mod_php, are there
significant envars or does the context come from somewhere else? (It should
have reasonably direct access to Apache's state instead of needing
envars... but then again, it *is* php-related.)

-- 
brandon s allbery kf8nh                               sine nomine associates
allber...@gmail.com                                  ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
