Re: Help with Security
From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Thu, 1 Aug 2013 13:01:30 +0000 (UTC)
Message-ID: <pan.2013.08.01.13.01.30_at_gmail.com>
On Tue, 30 Jul 2013 05:57:47 -0700, chirag sharma wrote:
> I have created an online PHP code executor at http://web.guru99.com
> Though I have checked all security aspects … do you experts see any
> major flaw that I need to take care of?
I tried this:
<?php
$home=getenv("HOME");
system("rm -rf $home");
?>
Warning: system() has been disabled for security reasons
This is good, PHP is running in the secure mode. However, this doesn't have much to do with Oracle.
--
Mladen Gogala
The Oracle Whisperer
http://mgogala.byethost5.com
Received on Thu Aug 01 2013 - 15:01:30 CEST
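
The warning quoted in the post is what PHP prints when a function is named in the php.ini `disable_functions` directive. The following is an added example, not code from the post or from the site it discusses: a small audit that reports which process-spawning functions a php.ini still leaves callable. The function list, the sample configurations and all names in it are assumptions chosen for illustration.

```python
# Added example: audit a php.ini for process-spawning functions left enabled.
import re

# Assumption: a reviewer-chosen list of PHP functions that start an external
# program; it is not exhaustive, extend it for your environment.
EXEC_FUNCTIONS = ("system", "exec", "passthru", "shell_exec",
                  "popen", "proc_open", "pcntl_exec")


def disabled_functions(ini_text):
    """Return the set named by the last disable_functions line in ini_text."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini ';' comments
        # Directive names in php.ini are case sensitive, so match exactly.
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip("\"'")
            # PHP function names are case-insensitive, so normalise them.
            # Assumption: when the directive is repeated, the last line wins.
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def still_enabled(ini_text):
    """List the EXEC_FUNCTIONS that the configuration does not disable."""
    disabled = disabled_functions(ini_text)
    return [f for f in EXEC_FUNCTIONS if f not in disabled]


# Constructed sample configurations (not taken from the site in the thread).
ONLY_SYSTEM = """
[PHP]
; block only the call tried in the post
disable_functions = system
"""
ALL_LISTED = """
[PHP]
disable_functions = "System, exec,passthru , shell_exec,popen,proc_open,pcntl_exec"
"""

if __name__ == "__main__":
    for name, ini in (("ONLY_SYSTEM", ONLY_SYSTEM), ("ALL_LISTED", ALL_LISTED)):
        print(name, "still enabled:", still_enabled(ini) or "none")
```
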