Willx Posted April 9, 2008 Share Posted April 9, 2008 Okay i was curious anyone know if this is true or not.. i wanted to make sure i was right.. "function shell_exec()" is a way to exploit servers? True or False? 0 Quote Link to comment Share on other sites More sharing options...
freedombi Posted April 9, 2008 Share Posted April 9, 2008 It depends on what you do with it. For example, shell_exec($_REQUEST['command']) is an invitation for everyone to take over your box. With proper input validation, or better yet, hardcoded commands and arguments based on user input, you should be safe. Just remember to never trust user input. See http://php.net/shell_exec for more info. 0 Quote Link to comment Share on other sites More sharing options...
Willx Posted April 9, 2008 Author Share Posted April 9, 2008 Yeah cause I was telling this friend that he needs to have that on to have WHMCS status page to work.. Hes like no because it will let people hack into the box or exploit it.. So just trying to find a good way to eas his mind.. 0 Quote Link to comment Share on other sites More sharing options...
minadreapta Posted April 9, 2008 Share Posted April 9, 2008 it's only the uptime that doesn't work. everything else works fine if shell_exec is disabled. 0 Quote Link to comment Share on other sites More sharing options...
Willx Posted April 9, 2008 Author Share Posted April 9, 2008 Well he has a nice long error log in his status folder 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.