Uploaded Script can view /
I help administrate for a webhost. Recently a PHP script was uploaded and when executed, the person can see / and it's subdir's on the server. I'm pretty sure it's read-only, but I don't like it. How would I go about fixing it, so this isn't possible? I do have the PHP file if anyone needs to view it.
I can supply the server stats if needed. Thanks! |
Welcome to LQ.
You can use php safe mode: http://www.php.net/features.safe-mode It would be worthwhile letting your customers know this is happening as some scripts may need modifying to work in this environment. |
Quote:
|
Well, I tried enabling it, and putting some of the commands that are in the offending PHP file into the 'commands-to-disable-unless-you-own-it' part, saved it, restarted Apache, but it appears to have done nothing.
Am I doing something wrong? :scratch: Here's the script, if it helps: PHP Code:
|
All times are GMT -5. The time now is 09:21 AM. |