Page 1 of 1

Can alter different site!

Posted: Tue Feb 12, 2008 3:49 pm
by Jonah Bron
Hello, world!

After a series of tests, I found that I could alter a page on another domain I have, from nucleussystems.com with a php script. :banghead: It was just a simple php script, using relative addresses, to write new content to a txt file on the other site. Both are on the same domain.

If I were going to host websites, is there a way to avoid this?

Just want to alert the general public (of coders) to this issue.

Thanks!
P.S. can anyone else reproduce this process?

Re: Can alter different site!

Posted: Tue Feb 12, 2008 7:07 pm
by dayyanb
Umm... wow.

Your file probably had write permissions for everyone, but still I would think the host should have some sort of protection against that.

Re: Can alter different site!

Posted: Tue Feb 12, 2008 7:13 pm
by Jonah Bron
Wow is right. 8O

Re: Can alter different site!

Posted: Tue Feb 12, 2008 7:16 pm
by Benjamin
Even if the file had 0600 (-rw-------) permissions, since both files are owned and executed by the same user account either could write to the other.

Re: Can alter different site!

Posted: Tue Feb 12, 2008 9:48 pm
by Christopher
I am guessing that the reason you can do what you did is because both of your sites use the same user account. It makes sense.