The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can anyone hack into this?

Discussion in 'General Discussion' started by Roy@ENHOST, Apr 17, 2004.

  1. Roy@ENHOST

    Roy@ENHOST Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    495
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Los Angeles California
    Hi guys,

    I was wondering if I leave sensitive data in a PHP file in the cpanel skin folder, if there anyway that a customer can gain access to the content? considering it is a php file
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Code:
    #!/usr/bin/perl
    # replace index.html with whatever file you want
    open (IN, "</usr/local/cpanel/base/frontend/x/index.html") or die;
    my @data = <IN>;
    close (IN);
    @data = grep {$_ =~ s/</\&lt\;/g; $_ =~ s/\n/<br>/g;} @data;
    
    print "content-type: text/html\n\n";
    print @data;
    exit;
    Try running that in a CGI script on a cPanel web site for your answer ;)
     
  3. Roy@ENHOST

    Roy@ENHOST Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    495
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Los Angeles California
    Here is what I get:


    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, blah@blah.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.


    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.



    Looks like it is impossible to hack!. ;-)
     
  4. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    Hmm, you must have forgotten to change permissions or ownership because the script works OK.
     
  5. Optical

    Optical Well-Known Member

    Joined:
    Dec 7, 2003
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA
    make sure you upload to /home/user/public_html/cgi-bin/ and you chmod to 755 :)
     
Loading...

Share This Page