Non-forked test:\n";
echo "This script is running as pid $pid
\n";
for ( $counter = 0; $counter <= 1000; $counter += 1) {
if (file_exists("/proc/$pid/fd/$counter")) {
$link_target = readlink("/proc/$pid/fd/$counter");
echo "$counter: $link_target";
if ($counter == 0) { echo " (STDIN)"; }
if ($counter == 1) { echo " (STDOUT)"; }
if ($counter == 2) { echo " (STDERR)"; }
if (preg_match("/^socket:/", $link_target)) {
$socket_count = $socket_count + 1;
}
echo "
\n";
}
}
if ($socket_count > 1) {
echo "THIS SERVER IS VULNERABLE (even without forking)
\n";
} else {
echo "This server passes the non-forked test
\n";
}
$socket_count = 0;
echo "Forking test:
\n";
exec("perl -e 'print \"This script is running as pid \$\$
\\n\"; foreach (1..1000) {\$p=\"/proc/\$\$/fd/\$_\";if(-e \$p) { print \"\$_: \" . (readlink \$p) . \"\n\"; }}'", $results);
foreach ($results as $value) {
echo "$value
\n";
if (preg_match("/^\d+: socket:/", $value)) {
$socket_count = $socket_count + 1;
}
}
if ($socket_count > 1) {
echo "THIS SERVER IS VULNERABLE (with forking)
\n";
} else {
echo "This server passes the forked test
\n";
}
?>