1

i am using shell_exec to get whois details of a domain. Everything is working fine on localhost but when i am uploading the script on server, it is creating problems. On server, the shell_exec is working partially.

echo "shell_exec('whoami')";

gives me an output.

mac

but when i am using

echo "shell_exec('whois example.com')";

I am getting a blank page

Should i consider using a hosting account with root privilege? If yes then how to deal with security issues?

P.S- i dont know if something like this even exists but i've tested it on localhost and it is running fine on MAMP.

Thanks in advance.

Amir Nasir
  • 35
  • 1
  • 10
  • Most likely the issue is with security. Can't you get any logs? But even better, can't you use some high level function in php instead of shell-exec to do the whois!? – Janick Bernet Aug 18 '13 at 19:29
  • From PHP you do not need to escape to the shell to do a whois query. You have libraries in your programming language or if you want to go to the bottom of it just open a TCP socket to port 43 of the relevant server and send your query followed by CR+LF and just read back a blob of text. – Patrick Mevzek Jan 03 '18 at 20:07

1 Answers1

2

If you do decide to host this script with root privileges, then you should (and I'm sorry) be locked up in a padded cell. That's just mad! You don't need root privileges to run a simple whois command. That's insane!
Hosting as root is about as safe as a nursery, ran by catholic priests, serial killers and crack addicts, who haven't had a fix in three days. Things are going to happen... You can only speculate as to when and how bad it's going to end.

Check using whoami what user is running the script, then check what it's PATH looks like, compare that to where whois actually is, if at all present. If it's not installed, ask your admin to set it up, and give you the rights to use it. If it's installed, try shel_exec('/path/to/bin/whois example.com');
Read up on user rights, and environment variables, (and how to load/manipulate them from a PHP script)

Elias Van Ootegem
  • 74,482
  • 9
  • 111
  • 149
  • That crack about serial killers was a bit strong wasn't it? :) – Tony Hopkinson Aug 18 '13 at 19:33
  • @TonyHopkinson: If somebody even hints at a bad idea, I think it best to kill it, burn it, and bury it before someone sees it and thinks _"Well, actually..."_. PHP doesn't enjoy the best of reputations, partly because people do things with it that no sane person would ever do. Yes, I was being a little drama Queen, I admit, but I think/hope I made my point about hosting as root – Elias Van Ootegem Aug 18 '13 at 19:37
  • Hi Elias, the whois command was not installed on the server. Just installed it. Everything is working fine now. – Amir Nasir Aug 19 '13 at 11:03
  • @AmirNasir: Well than, this answer solved your problem, didn't it? if it did, the SO way of saying thanks is to accept and/or upvote the answer... – Elias Van Ootegem Aug 19 '13 at 11:07
  • Sure Elias but unfortunately the Voteup requires 15 reputation. Thanks once again :) – Amir Nasir Aug 19 '13 at 12:10
  • @AmirNasir: Don't mention it. Always happy to help. Hope I didn't come across as a prat (reading what I've written both in my comments and my answer, I was a bit harsh). Happy coding – Elias Van Ootegem Aug 19 '13 at 12:16