judge0 / ide

✨ Simple, free and open-source online code editor.
https://ide.judge0.com
MIT License

Bug PHP Code Injection #39

Closed daffainfo closed 4 years ago

daffainfo commented 4 years ago

Hello, I found a PHP code injection. [image]

I am using the system() function in PHP to test it. When I run a simple PHP code injection payload to read /etc/passwd:

<?php system('cat /etc/passwd'); ?>

The output will be like this: [image]

hermanzdosilovic commented 4 years ago

That is OK, code is run in a sandboxed environment. The same thing can be achieved with Bash.

Thanks for the heads up though and let me know if you found a bug that allowed you to exploit the IDE or API.