Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP: ip/~user

Discussion in 'General Discussion' started by Robbinz, Feb 28, 2005.

  1. Robbinz

    Robbinz Registered

    Joined:
    Dec 12, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    151
    Hi,

    I just ran into a problem, when customers are useing http://ip/~user they are able to read out homedirs of the current IP owner.

    So let's say Use:
    http://1.2.3.4/~myuser

    and the IP is beloning to:
    mydomain.ext

    My customer can do something like this:

    echo get_file_contents($_SERVER['DOCUMENT_ROOT'] . /"mainconfigfile.ext");

    they are printing out the /home/mydomain.ext/public_html/mainconfigfile.ext instead of /home/user/public_html/mainconfigfile.ext

    is there anyway how to solve this problem?

    Kind Regards,

    Robbin
     
  2. germanette

    germanette Active Member

    Joined:
    Jul 26, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    151
    I think this is what you're looking for, php's open_basedir protection prevents users from opening files outside of their home directory with php.

    You can enable protection through WHM>>Server Setup>>Tweak Security
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice