Difference between revisions of "Vuln php exec"
Latest revision as of 17:18, 18 June 2012
PHP function exec() allows an attacker to execute shell commands through PHP
The exec() function allows an application, user or attacker to send commands directly to the operating system through PHP. For example, exec() can be used to run shell commands.
Next Steps
If this risk is unacceptable for your system, then you will want to disable this capability in PHP.
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen.
Step 2: Scroll down to PHP_CHECKS and make sure this is set to "yes". By default ASL will only warn about PHP vulnerabilities. If you set this to yes, it will also fix these vulnerabilities. If this is set to "no" the next step will not work, so set this to "yes".
Step 3: Scroll down to ALLOW_exec and set this to "no".
Step 4: Click the "update" button.
This will resolve this vulnerability.
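To confirm the change after Step 4, the check below reads a php.ini and reports whether exec is listed in PHP's disable_functions directive. It is an added example, not part of the original page or of ASL; it assumes the ALLOW_exec setting is applied through disable_functions in php.ini, which this page does not state, and the function names and sample file content are constructed for illustration.

```python
# Added example: audit php.ini text for a disabled exec().
# Assumption: the ASL setting is reflected in PHP's disable_functions directive.

# Constructed sample php.ini content (not taken from a real system).
SAMPLE_INI = """\
[PHP]
; disable_functions = exec      (commented out, so PHP ignores this line)
disable_functions =
disable_functions = "passthru, exec ,shell_exec"  ; later assignment wins
"""


def disabled_functions(ini_text):
    """Return the names in the last active disable_functions assignment."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        # Skip blanks, comment lines and section headers such as [PHP].
        if not line or line.startswith(";") or line.startswith("["):
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "disable_functions":
            # Drop a trailing inline comment and optional surrounding quotes.
            value = val.split(";", 1)[0].strip().strip('"')
    # The directive is a comma-delimited list; names are compared as written.
    return {name.strip() for name in value.split(",") if name.strip()}


def function_is_disabled(ini_text, function="exec"):
    """True only if the exact function name appears in the effective list."""
    return function in disabled_functions(ini_text)


if __name__ == "__main__":
    import sys

    # Usage: python check_exec.py /path/to/php.ini (falls back to the sample).
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INI
    state = "disabled" if function_is_disabled(text) else "still ENABLED"
    print("exec() is " + state + " according to disable_functions")
```

The match is on whole names, so an entry such as shell_exec does not count as disabling exec. The script reads only the file it is given, so run it against the php.ini that the web server's PHP actually loads.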