William, a software developer just starting his career, was asked to create a website in PHP that
would allow visitors to enter a month and a year for their birth date. The PHP code he creates has
to validate the input after it is entered. If William uses the following code, what could a malicious
user input to the year value to actually delete the whole website?
$month = $_GET[‘month’];
$year = $_GET[‘year’];
exec(“cal $month $year”, $result);
print “<PRE>”;
foreach($result as $r)
{

print “$r<BR>”;
}
print “</PRE>”;

A.
“;gf -rm *”

B.
“;dfr -php *”

C.
“;php -rf *”

D.
“;rm -rf *”

Explanation: