CGI Security, Local Exploit

You all know that PHP can be run in Safe Mode, so functions like system(); exec(); `$cmd`; can't be run on the server.
But what about Perl? Is there any way to disable some dangerous functions like system()? And what about SSI? Anyone can upload a file.shtml that contains <!--#exec cmd="cat /home/anotheruser/html/pass.php"-->


And another question:

Let's say that I don't run PHP in safe mode, but I edited php.ini and added:
disable_functions = system; exec; passthru; fopen etc...

Anyone can escape from this like this:

<?
$output = `$cmd`;
echo $output;
?>



Any solutions?

Thank you
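
An added example, not part of the original post: a small Python audit of a php.ini disable_functions line like the one quoted above. It relies on two PHP behaviours: an unquoted ';' in php.ini starts a comment, and the backtick operator is shell_exec() and is disabled together with it. The helper names, EXEC_FUNCS and the sample ini strings are constructed for illustration.

```python
import re

# PHP functions that start a process. The backtick operator is shell_exec().
EXEC_FUNCS = ("system", "exec", "passthru", "shell_exec",
              "popen", "proc_open", "pcntl_exec")

def parse_disable_functions(ini_text):
    """Return the set of names PHP would read from disable_functions."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank or full-line comment
            continue
        m = re.match(r"disable_functions\s*=(.*)$", line)
        if not m:
            continue
        value = m.group(1).strip()
        if value.startswith('"'):                 # quoted value: keep up to closing quote
            value = value[1:].split('"', 1)[0]
        else:                                     # unquoted ';' begins a comment
            value = value.split(";", 1)[0]
        # the list is comma-separated; a later directive replaces an earlier one
        disabled = {n.strip() for n in value.split(",") if n.strip()}
    return disabled

def audit(ini_text):
    """Report which command-execution functions are still callable."""
    disabled = parse_disable_functions(ini_text)
    return {
        "disabled": sorted(disabled),
        "still_enabled": [f for f in EXEC_FUNCS if f not in disabled],
        "backticks_blocked": "shell_exec" in disabled,
    }

# Constructed samples: the separator style from the post, and a comma list.
AS_POSTED = "disable_functions = system; exec; passthru; fopen\n"
HARDENED = ("disable_functions = system,exec,passthru,shell_exec,"
            "popen,proc_open,pcntl_exec\n")

if __name__ == "__main__":
    for name, ini in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, audit(ini))
```

With the semicolon-separated line only `system` ends up disabled, which is why the backtick snippet still runs; listing `shell_exec` in a comma-separated value closes it.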
