PHP Shell Script Injection
Posted: Mon Jun 19, 2006 1:58 pm
Hello all:
I've recently written a small PHP script to collect information and send an email to the graphic artist. Easy enough, and carefully cleaned of HTML tags for XSS vulnerabilities.
My question is about shell script injection vulnerabilities. If the information is properly sanitized (IE regex, htmlentities()) it won't have a problem, but if I'm not using shell_exec() or some other function to make the input run as a shell script, is the average HTML form vulnerable to such an injection attack? In example, if some user entered a PHP command using the backtick to run it as a shell script, would the server interpret it that way and try to run it as a shell script without a PHP shell command on the backside?
All of the information I've found on this subject relates to running your own shell scripts and ensuring that user input is properly sanitized, and doesn't really address the question of incidental vulnerability. I ask because I haven't found a definitive answer and want to understand PHP's abilities as well as I can.
Thank you!
I've recently written a small PHP script to collect information and send an email to the graphic artist. Easy enough, and carefully cleaned of HTML tags for XSS vulnerabilities.
My question is about shell script injection vulnerabilities. If the information is properly sanitized (IE regex, htmlentities()) it won't have a problem, but if I'm not using shell_exec() or some other function to make the input run as a shell script, is the average HTML form vulnerable to such an injection attack? In example, if some user entered a PHP command using the backtick to run it as a shell script, would the server interpret it that way and try to run it as a shell script without a PHP shell command on the backside?
All of the information I've found on this subject relates to running your own shell scripts and ensuring that user input is properly sanitized, and doesn't really address the question of incidental vulnerability. I ask because I haven't found a definitive answer and want to understand PHP's abilities as well as I can.
Thank you!