Full Disclosure mailing list archives
Re: SANS PHP Port Scanner Remote Code Execution
From: Fayyaz Ali <anees042 () gmail com>
Date: Wed, 6 Mar 2013 06:02:29 +0400
$host = $_POST['ip'];
system("ping $host");
On Wed, Mar 6, 2013 at 5:46 AM, laurent gaffie <laurent.gaffie () gmail com>wrote:
http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/ Finding the vulnerability in this code is left as an exercise to the reader. PS: "*Your comment will be awaiting moderation forever."* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SANS PHP Port Scanner Remote Code Execution laurent gaffie (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Fayyaz Ali (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Harry Hoffman (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution laurent gaffie (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Alexandre Teixeira (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution laurent gaffie (Mar 05)
- Re: SANS PHP Port Scanner Remote Code Execution Źmicier Januszkiewicz (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Benji (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Benji (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Ulisses Montenegro (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Dan Ballance (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Christian Sciberras (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Ulisses Montenegro (Mar 06)
- Re: SANS PHP Port Scanner Remote Code Execution Benji (Mar 06)