Page 1 of 1

Open Dir in PHP

Posted: Sat Jan 13, 2007 3:46 am
by thanchetkenji
I use PHP 5.x Apache 2.x In Windows 2003.

This is my error :
1. I created a Virtual Hosting -> D:/sharehost
2. If i upload a File / Directory Manager script in D:/sharehost/script.
3. The script can view all files in my computer C:/*.* , D:/*.* <-- and can delete files.

How to fix it ? please help me security it !
:roll: ^.^ Thanks !

Posted: Sat Jan 13, 2007 8:47 am
by Mordred
If you downloaded this script from somewhere - throw it away and find another.

If you wrote it yourself, make proper checks on the folder you are managing - realpath() and dirname()