Quote:
Originally Posted by quantum-x
The code basically executes $_SERVER['HTTP_HOST'] [usually the name of your server] as a PHP commandm then dies.
It's definitely odd, as normally HTTP_HOST has your domainname in it - so executing that as PHP won't do dick - unless someone has already injected another value into it, or register_globals is on and you're getting fucked with.
|
You're wrong. This will work regardless off register globals. If he found that on his server, he's fucked, as that gives full server access.