hi, i have a security problem on my web/ftp server. Users can use php and use it to exploit my server folders. For example:
server.com
/hosted1
/hosted2
/hosted3
There is a file called exploit.php in hosted3. it contains:
<? include("../hosted1/passwords.php"); ?>
Is there any way to restrict people from using include() require() require_once() functions to their advantage. BUT, i would like the users to be able to use these functions but only in THEIR folder/directory.
Is there any way of making this possible? thanks
ps. i have IIS6, mysql, php, asp
another php include hole
Moderator: General Moderators