  1. #1
    Join Date
    Aug 2002

    Surfing directory


    I have a customer who has upgraded a PHP script on his account, and he can see all the directories but gets Permission Denied when he tries to access them. But if he puts in the path of an account that is on the server, he can see all the files and download them. For example, if he opens

    he can see everything. How can I stop this? Maybe with open_basedir?

    <?php
    $folder = $_GET['folder'];
    if (!$folder) $folder = $_SERVER['DOCUMENT_ROOT'];
    $ClassDir = dir($folder);
    echo "path: ".$ClassDir->path."<br>$
    <table cellpadding=0 cellspacing=0 border=0 style="font: 11px/18px tahoma,arial;">
    while ($j = $ClassDir->read()) {
    if ($folder != "/") $k = $folder."/".$j; else $k = "/".$j;
    $i++; $ty = filetype($k);
    if ($ty=="dir") $text = sprintf("<tr style=\"padding: 0px 5px;\"><td>%03d</td><td>%s</td><td><b>%s</b></td><td>%04o</td><td>%s</td><td>%s</td><td>%d</td><td>$
    $text = sprintf("<tr style=\"padding: 0px 5px;\"><td>%03d</td><td>%s</td><td><b>%s</b></td><td>%04o</td><td>%s</td><td>%s</td><td>%d</td><td><a href=\"read.p$
    echo $text;
    }
    $ClassDir->close(); ?>

  2. #2
    Yes. Open_basedir will stop him.

    You can also install PHPsuexec.
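The fix suggested in the reply only helps if every account actually has it, so here is an added example (not from the thread or from any hosting panel) that lists the vhosts whose PHP is not confined by open_basedir. It assumes Apache with mod_php, where `php_admin_value open_basedir` inside a customer's `<VirtualHost>` cannot be overridden from `.htaccess` or `ini_set()`; the function names, hostnames and paths are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Apache with mod_php and one
# <VirtualHost> per customer account; all names and paths are constructed.

# Print "ServerName DocumentRoot" for each vhost whose PHP is not confined:
# no "php_admin_value open_basedir", or a list that is "/" or omits the docroot.
audit_open_basedir() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) ~ /^<virtualhost/ { name = "?"; root = ""; base = ""; next }
        tolower($1) == "servername"   { name = $2 }
        tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
        tolower($1) == "php_admin_value" && tolower($2) == "open_basedir" {
            base = $3; gsub(/"/, "", base)
        }
        tolower($1) ~ /^<\/virtualhost/ {
            ok = 0
            n = split(base, dirs, ":")
            for (i = 1; i <= n; i++) {
                d = dirs[i]
                if (d == "" || d == "/") continue      # empty or whole filesystem
                if (d !~ /\/$/) d = d "/"              # compare whole path components
                if (index(root "/", d) == 1) ok = 1    # docroot is at or below d
            }
            if (!ok) print name, root
        }
    ' "$@"
}

# Constructed sample configuration: one confined vhost, two that are not.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName alice.example
    DocumentRoot /home/alice/public_html
    php_admin_value open_basedir "/home/alice/:/tmp/"
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example
    DocumentRoot /home/bob/public_html
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example
    DocumentRoot /home/carol/public_html
    php_admin_value open_basedir "/"
</VirtualHost>
EOF
}

sample_conf | audit_open_basedir
```

Pass real configuration files as arguments, for example `audit_open_basedir /etc/httpd/conf/*.conf` (path is an assumption); an empty result means every vhost in those files lists its own document root.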
