Page 1 of 1

How do they see all your files and directories?

Posted: Thu Sep 20, 2007 9:10 pm
by FuzzieDice
I had a site get hacked one time where they put a file such as r0hr.php or something in the directory (my fault I admit for leaving it world-writable in my Joomla site). When one goes to that php page, you could see all the files, directories, etc. It behaved like a file manager. Due to the fact we had deleted all those files from the server, I did not at the time save that php script.

Now I'm working on a server running in a Virtual PC and would love to know how they did that so I can find ways to lock down directories and yet still be able to have only the proper script write to it.

Suppose I have this:

data_dir (chmod 0770)
|
mydomain_dir (chmod 0755)
|
myscript.php (owner+group read+execute)
another_dir (chmod 0777)

And I have the user/group for the data_dir the same as for the script. I can write to it, right? But if someone say, dropped a file in 'another_dir' (which is world writeable), would they be able to see the data_dir? I would think not if the script dropped was saved using user/group that apache uses and data_dir as the user/group that the script uses. Of course, I do not actually plan to have any chmod 0777 directories on the production server. But I did want to investigate this a bit more.

Does anyone know how to use php to browse directories and files? Even links to more information would be appreciated.

Posted: Thu Sep 20, 2007 9:23 pm
by mrkite
If the script is run by apache, it runs as apache's user/group, regardless of who owns the actual file itself.

As far as reading directories goes, you'd want to recursively do this:

Code: Select all

$dir=opendir($dirname);
while (($file=readdir($dir))!==false)
{
    echo "$dirname/$file<br />\n";
}
closedir($dir);

Posted: Fri Sep 21, 2007 1:30 am
by matthijs
This is always a confusing subject, and I can't answer your question directly. But one thing: 777 doesn't mean anybody from outside can just write anything to that directory.