a security question 2

Discussion in 'Security' started by mahdionline, Aug 9, 2004.

  1. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    If a user of any host writes a program in PHP and puts it on his host, it can see the list of files on another host.

    A program such as this:

    Code:
    <?php
        // Total size in bytes of the files under $dir (recurses into subdirectories).
        function dirsize($dir) {
            $dh = @opendir($dir);
            if ($dh === false)
                return 0; // directory could not be opened
            $size = 0;
            while (($file = readdir($dh)) !== false) {
                if ($file != "." and $file != "..") {
                    $path = $dir."/".$file;
                    if (is_dir($path))
                        $size += dirsize($path);
                    elseif (is_file($path))
                        $size += filesize($path);
                }
            }
            closedir($dh);
            return $size;
        }
        // Print each entry of $dir with its size (directories are summed recursively).
        function show_qouta($dir){
            //$dir = "D:/Acrobat3/Reader/";
            $files = array();
            $dh = @opendir($dir);
            if ($dh === false) {
                echo "<br>cannot open directory";
                return;
            }
            while (false !== ($filename = readdir($dh))) {
                $files[] = $filename;
            }
            closedir($dh);
            //print_r($files);
            foreach ($files as $i=>$j){
                $str=$dir."/".$j;
                if($j!="." && $j!=".."){
                    //echo "</br>$str";
                    if(is_dir($str))
                        echo "<br>".htmlspecialchars($j)."=".dirsize($str);
                    else
                        echo "<br>".htmlspecialchars($j)."=".filesize($str);
                }
            }
        }
    ?>

    <form method="POST">
        <input name="dir" style="width:200px">
        <br>
        <input type="submit">
    </form>

    <?php
        // Read the submitted directory from the POST data (no reliance on register_globals).
        $dir = isset($_POST['dir']) ? $_POST['dir'] : '';
        if(!empty($dir)){
            show_qouta($dir);
            echo "<br><br><br>";
        }

        //echo $dir."=".dirsize($dir);
    ?>
    How can I avoid this?

    Regards
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Several ways:

    1. Enable phpsuexec (search the forum for pros and cons)
    2. run /scripts/enablefileprotect
     
  3. mahdionline

    Please explain more!

    Regards
     
  4. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I still prefer to use PHP safe mode on, without phpsuexec.
     
  5. chirpy

    I always enable phpsuexec on every server - never had a problem with it :)
    Sorry, you're going to have to do a little research yourself ;)
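
Added example, not part of the thread and not cPanel's own code: a shell audit an administrator can run after applying either measure suggested above, reporting which account directories users outside the owner and group can still list or enter. The layout BASE/<account>/public_html (for example /home) and the account names in the constructed demo tree are assumptions.

```shell
#!/bin/sh
# Report account directories that local users outside the owner and group
# can list (o+r) or enter (o+x). Assumed layout: BASE/<account>/public_html.
# Access granted through the directory's group is not examined here.

# check_dir BASE DIR: print "<access> <path relative to BASE>" if exposed.
check_dir() {
    access=
    # find -prune tests only DIR itself; -perm -004 means "other" has read.
    if [ -n "$(find "$2" -prune -perm -004 -print)" ]; then
        access=list
    fi
    if [ -n "$(find "$2" -prune -perm -001 -print)" ]; then
        access=${access:+$access,}enter
    fi
    if [ -n "$access" ]; then
        printf '%s %s\n' "$access" "${2#"$1"/}"
    fi
}

# audit_homes BASE: check every account home and its public_html.
audit_homes() {
    for home in "$1"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        check_dir "$1" "$home"
        if [ -d "$home/public_html" ]; then
            check_dir "$1" "$home/public_html"
        fi
    done
}

# demo: build a constructed tree of three accounts and audit it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/public_html" "$t/bob/public_html" "$t/carol/public_html"
    chmod 755 "$t/alice/public_html"; chmod 711 "$t/alice"
    chmod 750 "$t/bob/public_html";   chmod 711 "$t/bob"
    chmod 750 "$t/carol/public_html"; chmod 755 "$t/carol"
    audit_homes "$t"
    rm -rf "$t"
}

demo
```

A directory reported with "list" exposes its file names to any other local account, which is what the script in the first post depends on; "enter" alone only allows access to paths that are already known.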
     