Open Dir in PHP

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
thanchetkenji
Forum Newbie
Posts: 1
Joined: Sat Jan 13, 2007 3:22 am

Open Dir in PHP

Post by thanchetkenji »

I use PHP 5.x Apache 2.x In Windows 2003.

This is my error :
1. I created a Virtual Hosting -> D:/sharehost
2. If i upload a File / Directory Manager script in D:/sharehost/script.
3. The script can view all files in my computer C:/*.* , D:/*.* <-- and can delete files.

How to fix it ? please help me security it !
:roll: ^.^ Thanks !
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

If you downloaded this script from somewhere - throw it away and find another.

If you wrote it yourself, make proper checks on the folder you are managing - realpath() and dirname()
Post Reply