php exec function security issues

postcd

• June 17, 2014 02:25

Hello, please which tasks can do abusers if i do not disable PHP "exec" function globally? I have this PHP: [QUOTE]php -v PHP 5.3.28 (cli) (built: Jun 12 2014 19:35:04) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies with XCache v3.0.3, Copyright (c) 2005-2013, by mOo with the ionCube PHP Loader v4.6.1, Copyright (c) 2002-2014, by ionCube Ltd., and with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies with XCache Cacher v3.0.3, Copyright (c) 2005-2013, by mOo with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH
And i have SuPHP, SuExec on/enabled.

• 

  cPanelMichael

  • June 17, 2014 12:59

  Hello :) There is a recent thread on the WHT forums where this is discussed that you may find helpful: [url=http://www.webhostingtalk.com/showthread.php?t=1358576]Php Exec & proc_open Thank you.

  0
• 

  quizknows

  • June 17, 2014 18:11

  functions like exec, shell_exec, and passthru allow PHP scripts to run system commands (i.e. bash commands). Generally it's really best to leave them disabled, as it makes it much harder for hackers to functionally use PHP shells or other exploit scripts.

  0

Please sign in to leave a comment.