lvs-users
|
|
lvs-users
|
| To: | "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: Simple script to Monitor LVS via Web |
| From: | Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx> |
| Date: | Wed, 12 Oct 2005 15:51:43 +0100 |
That's why PHP no longer has register globals defaulted! And also why you lock down your admin ip address by source ip.My code has this vulnerability, but I'm not sure a helper app would be any more secure (sudo is a helper app.) <? $cmd="sudo /sbin/ipvsadm -L ". $dns_flag; passthru($cmd); ?>Whoa. eg: http://example.com/script.php?resolve_dns=1&dnsflag=;rm+-rf+/ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: talk by Radware, a commercial loadbalancer, Henrik Holst |
|---|---|
| Next by Date: | Re: Simple script to Monitor LVS via Web, Graeme Fowler |
| Previous by Thread: | Re: Simple script to Monitor LVS via Web, Luca Maranzano |
| Next by Thread: | Re: Simple script to Monitor LVS via Web, Graeme Fowler |
| Indexes: | [Date] [Thread] [Top] [All Lists] |