The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security hole!!

Discussion in 'Security' started by Getox, Mar 17, 2004.

  1. Getox

    Getox BANNED

    Joined:
    Feb 4, 2004
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    ok this is a security hole made by PHP

    yes PHP
    no one suspected it but i did ;)

    you know the opendir thing in php??

    PHP:
    $path "/home/{USER}/public_html/"
    $dir_handle = @opendir($path) or die("Unable to open $path"); 
    while (
    $file readdir($dir_handle)) { 
    if(!
    is_dir($file)) { 
    $filesize filesize($path.$file); 
    echo 
    "Name: $file<br>File Size:[$filesize Bytes ]<br>View: <a href=$file target=_blank>Click Here</a><hr>"


    closedir($dir_handle); 
    if they put a username where the {USER} is they can view their files

    and there is a filemanager that can open dirs and EDIT!! files

    maby you should try to fix this
    or they could get cpanel passwords mysql passwords
    and stuff
    and maby edit root password

    i know Ensim stops this
    but i like cpanel MUCH MUCH better

    think you can fix this ?
     
  2. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    That's why people use safe_mode and open_basedir.
     
  3. Getox

    Getox BANNED

    Joined:
    Feb 4, 2004
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    but i have scripts that need "safe_mode" off
     
  4. darksoul

    darksoul Active Member

    Joined:
    Feb 20, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    this is pretty much old news.
    thats how its always been with php
    because php runs as user nobody which
    can read all the files.
    There are a few ways to improve this situation
    phpsuexec,open_basedir, running php as a cgi...
    mod_security
     
  5. laura

    laura Active Member

    Joined:
    Sep 12, 2003
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    indonesia
    how to make PHP safe mode?
     
  6. trparky

    trparky Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    184
    Likes Received:
    1
    Trophy Points:
    0
    First off all, passwords are encrypted for both MySQL as well as CPanel/WHM, so no worries there.
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Erm, nope. Passwords are usually in glorious plain-text within PHP/Perl scripts, all of which you can read if you don't use openbase_dir protection and/or other protection mechanisms.

    Also, safe_mode will do nothing for you in this situation. As has been said, this type of issue has been around for many many years. That's why you shouldn't be hosting people without the basics required for server administration of the OS of your choice.

    To protect yourself and your customers, you should always enable:

    1. SuEXEC
    2. phpSuEXEC (compiled into Apache)
    3. open_basedir protection
    4. /scripts/enablefileprotect (on cPanel boxes)

    Have a look at this thread for more information and implications:

    http://forums.servermatrix.com/viewtopic.html?p=45532
     
  8. BeerUser

    BeerUser Active Member

    Joined:
    Apr 16, 2004
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I get "Unable to open /home/accountuser/public_html", I dont think that code works.
     
Loading...

Share This Page