The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server Paths Security

Discussion in 'Security' started by ukhost, Nov 3, 2002.

  1. ukhost

    ukhost Well-Known Member

    Joined:
    Jan 8, 2002
    Messages:
    222
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    I have just had it brought to my attention that a user can access any other users files using a php script if they know the server paths.

    Example:

    The client that brought this to my attention has two accounts so know the usernames for both using a simple php script he was able to read the files from one users directory using the script on the other account.

    The script looked something like:

    $dir = opendir(&/home/&username&/images/&);
    while ($file_name = readdir($dir)) {
    ....
    }
    closedir($dir);

    How can we prevent this?

    Kind Regards,

    Neil
     
  2. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:bad42753d6][i:bad42753d6]Originally posted by ukhost[/i:bad42753d6]

    Hi,

    I have just had it brought to my attention that a user can access any other users files using a php script if they know the server paths.

    Example:

    The client that brought this to my attention has two accounts so know the usernames for both using a simple php script he was able to read the files from one users directory using the script on the other account.

    The script looked something like:

    $dir = opendir(&/home/&username&/images/&);
    while ($file_name = readdir($dir)) {
    ....
    }
    closedir($dir);

    How can we prevent this?

    Kind Regards,

    Neil[/quote:bad42753d6]
    refer to this post I wrote there
    http://forums.cpanel.net/read.php?TID=5321#22993
     
Loading...

Share This Page