Non-forked test:\n"; echo "This script is running as pid $pid
\n"; for ( $counter = 0; $counter <= 1000; $counter += 1) { if (file_exists("/proc/$pid/fd/$counter")) { $link_target = readlink("/proc/$pid/fd/$counter"); echo "$counter: $link_target"; if ($counter == 0) { echo " (STDIN)"; } if ($counter == 1) { echo " (STDOUT)"; } if ($counter == 2) { echo " (STDERR)"; } if (preg_match("/^socket:/", $link_target)) { $socket_count = $socket_count + 1; } echo "
\n"; } } if ($socket_count > 1) { echo "

THIS SERVER IS VULNERABLE (even without forking)

\n"; } else { echo "

This server passes the non-forked test

\n"; } $socket_count = 0; echo "

Forking test:

\n"; exec("perl -e 'print \"This script is running as pid \$\$
\\n\"; foreach (1..1000) {\$p=\"/proc/\$\$/fd/\$_\";if(-e \$p) { print \"\$_: \" . (readlink \$p) . \"\n\"; }}'", $results); foreach ($results as $value) { echo "$value
\n"; if (preg_match("/^\d+: socket:/", $value)) { $socket_count = $socket_count + 1; } } if ($socket_count > 1) { echo "

THIS SERVER IS VULNERABLE (with forking)

\n"; } else { echo "

This server passes the forked test

\n"; } ?>