lvs-users
|
To: | "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx> |
---|---|
Subject: | Re: Simple script to Monitor LVS via Web |
From: | Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx> |
Date: | Wed, 12 Oct 2005 15:51:43 +0100 |
That's why PHP no longer has register globals defaulted! And also why you lock down your admin ip address by source ip.My code has this vulnerability, but I'm not sure a helper app would be any more secure (sudo is a helper app.) <? $cmd="sudo /sbin/ipvsadm -L ". $dns_flag; passthru($cmd); ?>Whoa. eg: http://example.com/script.php?resolve_dns=1&dnsflag=;rm+-rf+/ |
<Prev in Thread] | Current Thread | [Next in Thread> |
---|---|---|
|
Previous by Date: | Re: talk by Radware, a commercial loadbalancer, Henrik Holst |
---|---|
Next by Date: | Re: Simple script to Monitor LVS via Web, Graeme Fowler |
Previous by Thread: | Re: Simple script to Monitor LVS via Web, Luca Maranzano |
Next by Thread: | Re: Simple script to Monitor LVS via Web, Graeme Fowler |
Indexes: | [Date] [Thread] [Top] [All Lists] |