Most Dangerous PHP Code

Post by fashizzlepop on Wed Aug 28, 2013 11:43 am

The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

Re: Most Dangerous PHP Code

Post by mShred on Wed Aug 28, 2013 8:12 pm

RichieSM wrote: This is some of the most dangerous code I've ever seen in my life.

Lol holy shit. It's almost as if he tried making this THAT bad..

For those about to rock.

Re: Most Dangerous PHP Code

Post by -Ninjex- on Wed Aug 28, 2013 9:47 pm

Let's simplify

Code:
<?php
$command = trim(fgets(STDIN));
exec("$command");

If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.

Re: Most Dangerous PHP Code

Post by tgoe on Thu Aug 29, 2013 5:09 pm

Elevated privs, too... LOL

If this isn't a troll, we're all dead :(

Re: Most Dangerous PHP Code

Post by -Ninjex- on Thu Aug 29, 2013 5:52 pm

You shouldn't be using shell_exec without sanitizing input anyway.

Re: Most Dangerous PHP Code

Post by tgoe on Thu Aug 29, 2013 6:13 pm

@ninjex

I'm having a hard time with why you just stated the obvious. :?

Re: Most Dangerous PHP Code

Post by -Ninjex- on Thu Aug 29, 2013 6:15 pm

Because you said we are all dead if the code isn't a troll... Simply sanitize and we all live.

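What "sanitize" can look like for the `exec()` snippet and the `shell_exec` remark earlier in the thread, as an added example that is not part of any poster's message: the input only selects from a fixed allowlist, arguments are validated, and every word is passed through `escapeshellarg()`. The `ALLOWED` table, its paths, the `buildCommand` helper and the sample lines are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The ALLOWED table, its paths and
// the sample lines below are assumptions constructed for illustration.
declare(strict_types=1);

// The user picks a key from a fixed menu; the program path never comes from input.
const ALLOWED = [
    'uptime' => ['/usr/bin/uptime'],
    'disk'   => ['/bin/df', '-h'],
    'ping'   => ['/bin/ping', '-c', '1'],   // plus exactly one validated IP
];

// Returns a shell-safe command string, or null if the line is not on the menu.
function buildCommand(string $line): ?string
{
    $parts = preg_split('/\s+/', trim($line), -1, PREG_SPLIT_NO_EMPTY);
    if (!$parts) {
        return null;                          // empty input
    }
    $name = array_shift($parts);
    if (!array_key_exists($name, ALLOWED)) {
        return null;                          // unknown command
    }
    $argv = ALLOWED[$name];
    if ($name === 'ping') {
        // An IP literal cannot start with '-' or contain shell metacharacters.
        if (count($parts) !== 1 || filter_var($parts[0], FILTER_VALIDATE_IP) === false) {
            return null;
        }
        $argv[] = $parts[0];
    } elseif ($parts) {
        return null;                          // extra tokens are never passed through
    }
    // escapeshellarg() quotes each element so the shell sees literal words only.
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed sample input standing in for fgets(STDIN).
$samples = ['uptime', 'ping 192.0.2.10', 'ping 192.0.2.10; uptime', 'disk && uptime', 'rm -rf /tmp/x'];
foreach ($samples as $line) {
    $cmd = buildCommand($line);
    printf("%-26s => %s\n", $line, $cmd ?? 'REJECTED');
    // A real caller would run only an accepted command: exec($cmd, $output, $status);
}
```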

Re: Most Dangerous PHP Code

Post by tgoe on Thu Aug 29, 2013 6:52 pm

That's what I'm getting at. If this isn't a troll, it's more evidence that there are people out there responsible for information that are *utterly* ignorant. I thought I had a pretty good baseline idea of how the average programmer operated, security-wise. If this guy isn't a troll, that baseline just took a nose dive.

What I'm trying to say is, that post is terrifying. I'm wondering now how much similarly shitty code is out there that has important data attached to it.

Re: Most Dangerous PHP Code

Post by -Ninjex- on Thu Aug 29, 2013 7:31 pm

tgoe wrote: That's what I'm getting at. If this isn't a troll, it's more evidence that there are people out there responsible for information that are *utterly* ignorant. I thought I had a pretty good baseline idea of how the average programmer operated, security-wise. If this guy isn't a troll, that baseline just took a nose dive.

What I'm trying to say is, that post is terrifying. I'm wondering now how much similarly shitty code is out there that has important data attached to it.


Ahh, I understand where you are coming from now. Yeah, every site I visit, stuff like this passes my mind. A bad programmer can easily make the website insecure, as well as some of your private information, if it stores that somewhere.

I really hope that the average programmer isn't this stupid, but by looking at all the comments, it seems like the majority are less ignorant than the OP.