Server Paths Security

Discussion in 'Security' started by ukhost, Nov 3, 2002.

  1. ukhost

    ukhost Well-Known Member

    Hi,

    I have just had it brought to my attention that a user can access any other user's files using a PHP script if they know the server paths.

    Example:

    The client that brought this to my attention has two accounts, so knows the usernames for both. Using a simple PHP script, he was able to read the files from one user's directory using the script on the other account.

    The script looked something like:

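    // "username" stands for the other account's name
    $dir = opendir("/home/username/images/");
    // compare with false so a file named "0" does not end the loop early
    while (($file_name = readdir($dir)) !== false) {
        // ....
    }
    closedir($dir);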

    How can we prevent this?

    Kind Regards,

    Neil
     
  2. itf

    itf Well-Known Member

    Originally posted by ukhost:

        Hi,

        I have just had it brought to my attention that a user can access any other user's files using a PHP script if they know the server paths.

        Example:

        The client that brought this to my attention has two accounts, so knows the usernames for both. Using a simple PHP script, he was able to read the files from one user's directory using the script on the other account.

        The script looked something like:

        // "username" stands for the other account's name
        $dir = opendir("/home/username/images/");
        // compare with false so a file named "0" does not end the loop early
        while (($file_name = readdir($dir)) !== false) {
            // ....
        }
        closedir($dir);

        How can we prevent this?

        Kind Regards,

        Neil

    Refer to this post I wrote there:
    http://forums.cpanel.net/read.php?TID=5321#22993
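
An added example, not part of the thread and not cPanel's own code: a permission audit that reports which directories under a hosting base a given account could list, the condition the `opendir()` script in the question depends on. It assumes PHP for every account runs under one shared system account (the name `nobody` and the base `/home` are assumptions), and the function names are hypothetical.

```python
import os

def class_bits(st, uid, gids):
    """rwx bits (0-7) that classic Unix permission checks apply to uid/gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def exposed_dirs(base, uid, gids, depth=2):
    """Directories below base that uid/gids can list without owning them.

    Listing needs search (x) permission on every directory from base down
    to the parent, and read (r) permission on the directory itself.
    ACLs, MAC policy and the uid 0 bypass are not modelled.
    """
    found = []

    def walk(path, level):
        st = os.stat(path)
        bits = class_bits(st, uid, gids)
        if level > 0 and bits & 4 and st.st_uid != uid:
            found.append(path)
        if level == depth or not bits & 1:
            return  # depth limit reached, or no search permission to go deeper
        with os.scandir(path) as it:
            children = sorted(e.path for e in it if e.is_dir(follow_symlinks=False))
        for child in children:
            walk(child, level + 1)

    walk(base, 0)
    return found

if __name__ == "__main__":
    # Assumption: the shared account PHP runs as is named "nobody".
    import pwd
    web = pwd.getpwnam("nobody")
    groups = set(os.getgrouplist(web.pw_name, web.pw_gid))
    for d in exposed_dirs("/home", web.pw_uid, groups):
        print(d)
```

Run it as root so every directory can be enumerated; an empty result for the shared account means a script running under it cannot list any account's directories at the audited depth.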
     