Is this code dangerous?
Posted: Sun Dec 10, 2006 6:18 pm
I've been reading a book on PHP security which is heavily focused on filtering any data that is sent to the server and I've gone back to an old script I created which is a web-based PHP dig/ping/whois tool. It allows users to enter a domain or IP and obtain details using the function system. Can you tell me if the following script has any jeopardy on the server it's running on?
Code:
<form method = "post" action = "dig.php">
<b>Host:</b> <input type = "text" name = "host">
<input type = "submit" value = "Dig">
</form>
<?
$host = $_POST["host"];
?>
<table>
<tr>
<td bgcolor = "black"><font color="white">
<?
if (isset($host)) {
system("dig $host");
}
?>
</td>
</tr>
</table>
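Added example, not part of the original post: the script above passes $_POST["host"] to system() unchanged, so the shell interprets whatever the form sends. One way to filter it is to accept only an IP address or DNS hostname, quote the value for the shell, and HTML-escape the output. The function names validate_host, build_dig_command and run_dig are hypothetical, and the sample inputs are constructed.

```php
<?php
/** Return the host if it is a valid IP address or DNS hostname, else null. */
function validate_host($input)
{
    $host = trim((string) $input);
    if ($host === '' || strlen($host) > 253) {
        return null;
    }
    // Literal IPv4 or IPv6 address.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    // Hostname: dot-separated labels of letters, digits and hyphens. A label
    // cannot start or end with "-", so the value can never begin with "-"
    // and be read by dig as an option instead of a name.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    if (preg_match('/^' . $label . '(?:\.' . $label . ')*\.?$/D', $host) === 1) {
        return $host;
    }
    return null;
}

/** Build the dig command line, or return null when the input is rejected. */
function build_dig_command($input)
{
    $host = validate_host($input);
    // escapeshellarg() quotes the value so the shell sees one argument.
    return $host === null ? null : 'dig ' . escapeshellarg($host);
}

/** Run dig for a validated host and return HTML-safe output. */
function run_dig($input)
{
    $cmd = build_dig_command($input);
    if ($cmd === null) {
        return 'Invalid host';
    }
    exec($cmd, $lines);
    return htmlspecialchars(implode("\n", $lines), ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: show which are accepted, without running dig.
$samples = array('example.com', '192.0.2.10', '2001:db8::1',
                 'example.com;ls', '-h', "example.com\nx");
foreach ($samples as $s) {
    $cmd = build_dig_command($s);
    echo str_pad(json_encode($s), 22), ' => ', $cmd === null ? 'rejected' : $cmd, "\n";
}
```

In the page itself, `echo run_dig($_POST["host"])` inside `<pre>` tags would take the place of the `system("dig $host")` call.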