On Thu, Jun 02, 2005 at 09:45:38AM -0500, David L Norris wrote:
> On Thu, 2005-06-02 at 07:29 -0700, Bill Moseley wrote:
> > On Thu, Jun 02, 2005 at 07:02:56AM -0700, Roman Chyla wrote:
> > > [Thu Jun 02 15:52:43 2005] [warn] exec() may not be safe
> > Is that from PHP?
> I believe it is from Apache when running on systems with an insecure
> shell. (i.e. Windows 9x) There's no way to escape anything in the DOS
A quick google found it on PHP related questions, is why I asked.
> One could easily take over the entire computer from a script
> running on the web server.
I hear that it's easier than that.
Unsubscribe from or help with the swish-e list:
Help with Swish-e:
Received on Thu Jun 2 07:48:53 2005