CODE_DESC: "This web-accessible script will list security recommendations after scanning available PHP configuration variables and functions for common exploit vectors."

SOURCE_CODE:

Will this PHP harm/modify/etc. my system if run?

A: 

You should set up a test server to run this against. Basically, you should never run unknown, untrusted third-party code against your production setup.

andymism
**@andymism:** Not running it against a production server. Did you look at the code?
blunders
+1  A: 

I looked at the code

Basically it's running through a bunch of PHP commands / functions / classes and seeing what they return.

I've run scripts like this in the past; it's basically checking the integrity of php.ini and different versions of PHP.

Shouldn't be harm in it, but always exercise caution running someone else's code.

If you're interested in security testing, http://www.owasp.org/index.php/Main_Page is a great resource. I've used their resources many times in testing for PCI and ISO. They have many tools geared towards PHP / MySQL, etc...

Mario
**@Mario:** Thanks! I've looked at it too, at the very least it's got me thinking about how PHP may be used to profile a system's attack vectors. +1 for the link too, OWASP's a great resource, haven't looked at their site in years... :-)
blunders
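For readers wondering what a read-only configuration check of the kind described in the answer above looks like, here is an added example. It is not the script from the question (whose source is not reproduced on this page) and not from either poster. The policy values and the function list are constructed assumptions, and `ini_flag()` and `audit()` are hypothetical helper names.

```php
<?php
// Read-only audit: only ini_get(), function_exists() and phpversion() are
// called; nothing is written and no command is executed.
// Constructed policy (assumption): directive => value recommended on a web host.
$expected = [
    'display_errors'    => false,
    'expose_php'        => false,
    'allow_url_include' => false,
    'allow_url_fopen'   => false,
];

// Constructed list (assumption) of functions often disabled on web-facing hosts.
$risky = ['exec', 'system', 'shell_exec', 'passthru', 'proc_open', 'popen'];

// Normalise an ini value ("1", "On", "0", "Off", "stderr", "") to a boolean.
function ini_flag(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null; // directive is not known to this PHP build
    }
    // Non-boolean strings such as "stderr" count as enabled when non-empty.
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? ($raw !== '');
}

function audit(array $expected, array $risky): array
{
    $findings = [];
    foreach ($expected as $name => $want) {
        $have = ini_flag($name);
        if ($have !== null && $have !== $want) {
            $findings[] = sprintf('%s is %s, recommended %s', $name, $have ? 'On' : 'Off', $want ? 'On' : 'Off');
        }
    }
    // disable_functions is a comma-separated list. It is checked alongside
    // function_exists() because PHP versions differ in how they report disabled functions.
    $disabled = array_filter(array_map('trim', explode(',', (string) ini_get('disable_functions'))));
    foreach ($risky as $fn) {
        if (function_exists($fn) && !in_array($fn, $disabled, true)) {
            $findings[] = "$fn() is callable; consider adding it to disable_functions";
        }
    }
    return $findings;
}

echo 'PHP ', phpversion(), PHP_EOL;
foreach (audit($expected, $risky) as $line) {
    echo ' - ', $line, PHP_EOL;
}
```

Run it under the same SAPI as the site being checked, since the CLI and the web server often load different php.ini files.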