RE: Security issue urgent
02-15-2020, 12:24 AM
(This post was last modified: 02-15-2020, 12:29 AM by Ron-e.)
issn't the shell_exec function disabled by default tru suhosin?
So if you can run shell_exec you costumed Sentora and you compromised the security of Sentora yourself or suhosin is broken.
I got this message:
When executing:
So if you can run shell_exec you costumed Sentora and you compromised the security of Sentora yourself or suhosin is broken.
Quote:php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
I got this message:
Quote:Warning: shell_exec() has been disabled for security reasons in /var/sentora/hostdata/zadmin/public_html/xxx_xx/test.php on line 5
When executing:
Code:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
echo shell_exec("cat /etc/sentora/panel/cnf/db.php");
?>●
● My Sentora Demo ● My Github ● Auxio Github ●
● Zentora theme ● S-Type theme ● CstyleX theme ●
● flat-color-icons ● small-n-flat-icons ●
●
Sentora's development takes way too long, so i'm transitioning to HestiaCP.
● My Sentora Demo ● My Github ● Auxio Github ●
● Zentora theme ● S-Type theme ● CstyleX theme ●
● flat-color-icons ● small-n-flat-icons ●
●
Sentora's development takes way too long, so i'm transitioning to HestiaCP.
