Home/ Questions/Q 543433
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T10:33:03+00:00

Hello I have a couple questions about PHP exec() and passthru(). 1) I never

  • 0

Hello I have a couple questions about PHP exec() and passthru().

1)
I never used exec() in PHP but I have seen it is sometimes used with imagemagick. I am now curious, what is some other common uses where exec is good in a web application?

2)
About 6 years ago when I first started playing around with PHP I did not really know anything, just very basic stuff and I had a site that got compromised and someone setup there own PHP file that was using the passthru() function to pass a bunch of traffic throught my site to download free music or video and I got hit with a 4,000$ bandwidth charge from my host! 6 years later, I know soo much more about how to use PHP but I still don’t know how this ever happened to me before. How can someone beable to add a file to my server through bad code?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    1] Exec() is really useful when you:

    A) Want to run a program/utility on the server that php doesn’t have a command equivalent for. For example ffmpeg is common utility run via an exec call (for all sorts of media conversion).

    B) Running another process – which you can block or NOT block on – that’s very powerful. Sometimes you qant a pcnt_fork though, or similar, along with the correct CL args for non blocking.

    C) Another example is when I have to process XSLT 2.0 – I have to exec() a small java service I have running to handle the transformations. Very handy. PHP doesn’t support XSLT 2.0 transformations.

    2] Damn that’s a shame.
    Well, lots of ways. Theres a family of vulnerability called, “remote file include vulns”, that basically allow an attacker to include arbitrary source and thus execute it on your server.
    Take a look at: http://lwn.net/Articles/203904/

    Also, mentioned above, say your doing something like (Much simplified):

    exec("someUnixUtility -f $_GET['arg1']");

    Well, imagine the attacker does, url.come?arg1=”blah;rm -rf /”, your code will basically boil down to:

    exec("someUnixUtility -f blah; rm -rf /");

    Which in unix, you separate commands w/the ; So yeah – that could be a lot of damage.

    Same with a file upload, imagine you strip the last four chars (.ext), to find the extension.
    Well, what about something like this “exploit.php.gif”, then you strip the extension, so you have exploit.php and you move it into your /users/imgs/ folder. Well, all the attacker has to do now is browse to users/imgs/exploit.php and they can run any code they want. You’ve been owned at that point.

    • 0