You are here: Sysadmins of the North » Web applications » Web application security » Exploit PHP mail() to get remote code execution Exploit PHP mail() function to perform remote code execution, under rare circumstances. Security Sucks wrote about an interesting way to exploit PHP's mail() function for remote code execution. Apparently, if you are able to control the 5th parameter of the mail() fu