error "NULL byte detected."

Question

error "NULL byte detected."

Joungkyun opened this issue 7 years ago · 0 comments

If run the same command twice, occurs the error "NULL byte detected."

<?php
system ('ls -al');
system ('ls -al');
?>

Expected:

[root@an3 php-7.0.23]$ php -d exec_dir=/asdf test.php
sh: /asdf/ls: No such file or directory
sh: /asdf/ls: No such file or directory
[root@an3 php-7.0.23]$

Actually:

[root@an3 php-7.0.23]$ php -d exec_dir=/asdf test.php
sh: /asdf/ls: No such file or directory
PHP Warning:  system(): NULL byte detected. Possible attack in /root/rpmbuild/BUILD/php-7.0.23RC1/z.php on line 3

Warning: system(): NULL byte detected. Possible attack in /root/rpmbuild/BUILD/php-7.0.23RC1/z.php on line 3
[root@an3 php-7.0.23]$