LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Simple script to Monitor LVS via Web

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Simple script to Monitor LVS via Web
From: Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx>
Date: Wed, 12 Oct 2005 15:51:43 +0100
That's why PHP no longer has register globals defaulted!
And also why you lock down your admin ip address by source ip.
My code has this vulnerability, but I'm not sure a helper app would be any more secure (sudo is a helper app.)


<? $cmd="sudo /sbin/ipvsadm -L ". $dns_flag; passthru($cmd); ?>

Whoa.



eg: http://example.com/script.php?resolve_dns=1&dnsflag=;rm+-rf+/




<Prev in Thread] Current Thread [Next in Thread>