Created
September 25, 2014 22:18
-
-
Save felds/36e8e74de7889ea760ec to your computer and use it in GitHub Desktop.
How to protect yourself against Shellshock bug with PHP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // unsecure execution | |
| $bug = '"() { :;} ; echo vulnerable" bash -c "echo "'; | |
| passthru("env X=$bug"); // outputs: "vulnerable" | |
| // secure execution using escapeshellarg | |
| $bug = escapeshellarg('"() { :;} ; echo vulnerable" bash -c "echo "'); | |
| passthru("env X=$bug"); // what it should (the dump of env) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment