Say I have the following directory setup:
/public_html/
- /config.php
- /index.php
- /inc/
- /site1/
- /site2/
In /public_html I have the domain rootsite.com pointing to /public_html/ I have site1.com pointing to /public_html/site1/ and site2.com to /public_html/site2/.
Site1 and site2 are my friend's sites.
Now the problem is there could be a injected file in /site1 that uses:
Code: Select all
<?php
include('../config.php');
echo $password,'\n';
include('../site2/config.php');
echo $password,'\n';
$fh = fopen('../index.php', 'w');
fwrite($fh, "You've been hacked\n");
fclose($fh);
?>