How do they see all your files and directories?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
FuzzieDice
Forum Newbie
Posts: 4
Joined: Wed Sep 19, 2007 3:04 pm

How do they see all your files and directories?

Post by FuzzieDice »

I had a site get hacked one time where they put a file such as r0hr.php or something in the directory (my fault I admit for leaving it world-writable in my Joomla site). When one goes to that php page, you could see all the files, directories, etc. It behaved like a file manager. Due to the fact we had deleted all those files from the server, I did not at the time save that php script.

Now I'm working on a server running in a Virtual PC and would love to know how they did that so I can find ways to lock down directories and yet still be able to have only the proper script write to it.

Suppose I have this:

data_dir (chmod 0770)
|
mydomain_dir (chmod 0755)
|
myscript.php (owner+group read+execute)
another_dir (chmod 0777)

And I have the user/group for the data_dir the same as for the script. I can write to it, right? But if someone say, dropped a file in 'another_dir' (which is world writeable), would they be able to see the data_dir? I would think not if the script dropped was saved using user/group that apache uses and data_dir as the user/group that the script uses. Of course, I do not actually plan to have any chmod 0777 directories on the production server. But I did want to investigate this a bit more.

Does anyone know how to use php to browse directories and files? Even links to more information would be appreciated.
mrkite
Forum Contributor
Posts: 104
Joined: Tue Sep 11, 2007 4:19 am

Post by mrkite »

If the script is run by apache, it runs as apache's user/group, regardless of who owns the actual file itself.

As far as reading directories goes, you'd want to recursively do this:

Code: Select all

$dir=opendir($dirname);
while (($file=readdir($dir))!==false)
{
    echo "$dirname/$file<br />\n";
}
closedir($dir);
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

This is always a confusing subject, and I can't answer your question directly. But one thing: 777 doesn't mean anybody from outside can just write anything to that directory.
Post Reply