a security question 2

Discussion in 'Security' started by mahdionline, Aug 9, 2004.

  1. mahdionline

    Hi

    If a user of any host writes a program in PHP and puts it on his host, it can see the list of files on another host.

    A program such as this:

    Code:
    <?php
    	function dirsize($dir) {
    	   // calculate the size of files in $dir (it descends recursively into other dirs)
    	   $dh = @opendir($dir);
    	   if ($dh === false)
    	       return 0; // directory could not be opened
    	   $size = 0;
    	   while (($file = readdir($dh)) !== false)
    	       if ($file != "." and $file != "..") {
    	           $path = $dir."/".$file;
    	           if (is_dir($path))
    	               $size += dirsize($path);
    	           elseif (is_file($path))
    	               $size += filesize($path);
    	       }
    	   closedir($dh);
    	   return $size;
    	}
    	function show_qouta($dir){
    		// print every entry of $dir with its size (directories are summed recursively)
    		//$dir = "D:/Acrobat3/Reader/";
    		$files = array();
    		$dh  = @opendir($dir);
    		if ($dh === false)
    			return; // directory could not be opened
    		while (false !== ($filename = readdir($dh))) {
    		    $files[] = $filename;
    		}
    		closedir($dh);
    		//print_r($files);
    		foreach ($files as $i=>$j){
    			$str=$dir."/".$j;
    			if($j!="." && $j!=".."){
    				//echo "<br>$str";
    				if(is_dir($str))
    					echo "<br>".htmlspecialchars($j)."=".dirsize($str);
    				else 
    					echo "<br>".htmlspecialchars($j)."=".filesize($str);
    			}
    		}		
    	}
    ?>
    
    <form method="POST">
    	<input name="dir" style="width:200px">
    	<br>
    	<input type="submit">
    </form>
    
    <?php
    	// read the submitted path explicitly instead of relying on register_globals
    	$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
    	if(!empty($dir)){
    		show_qouta($dir);	
    		echo "<br><br><br>";
    	}
    
    	//echo $dir."=".dirsize($dir);
    ?>
    How can I avoid this?

    Regards
     
  2. chirpy

    Several ways:

    1. Enable phpsuexec (search the forum for pros and cons)
    2. Run /scripts/enablefileprotect
     
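Added example, not part of the thread and not cPanel's own code: a shell check an administrator can run before and after applying the measures suggested above, reporting account directories that any other local user can list or enter. The `/home/<user>/public_html` layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report account directories whose "other" permission bits
# let any other local user list (r) or enter (x) them.
# Assumed layout: BASE/<user>/public_html (BASE defaults to /home).

# other_bits DIR -> prints the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_homes [BASE] -> one line per finding: "<path> <bits> <problem>"
audit_homes() {
    base=${1:-/home}
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        [ -L "$home" ] && continue        # skip symlinked entries

        # Home directory: traversal (x) is often needed by the web server,
        # so only a readable (listable) home is reported.
        bits=$(other_bits "$home")
        case $bits in
            r*) echo "$home $bits listable-by-others" ;;
        esac

        # Document root: report both listing and traversal by others.
        docroot=$home/public_html
        [ -d "$docroot" ] || continue
        bits=$(other_bits "$docroot")
        case $bits in
            r*)      echo "$docroot $bits listable-by-others" ;;
            ??x|??t) echo "$docroot $bits traversable-by-others" ;;
        esac
    done
}

# Run the audit only when a base directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

An empty report means no account directory under the base grants list or traverse rights to "other"; it says nothing about access through a shared group or a shared web server user.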
  3. mahdionline

    Please explain more!

    Regards
     
  4. Radio_Head

    I still prefer to use PHP safe mode on, without phpsuexec.
     
  5. chirpy

    I always enable phpsuexec on every server - never had a problem with it :)
    Sorry, you're going to have to do a little research yourself ;)
     