openbase dir Vulnerability
dears as i checked with below php code
[CODE=php] $user = 'MMMMMMM';
if( file_exists("/home/$user/public_html/wp-config.php") ){
$mrm = file_get_contents("/home/$user/public_html/wp-config.php");
if(file_put_contents($user.".txt",$mrm)){
echo "/home/$user/public_html/wp-config.php".' is wordpress!
'; } }
The hacker can read the data of all other users ( other public_html) How can this attack be prevented? i checked user_dir / suphp / suexec / php-fpm / ruid2 / php.ini / ....and more but not work. how to set open?basedir per user in httpd.conf
'; } }
The hacker can read the data of all other users ( other public_html) How can this attack be prevented? i checked user_dir / suphp / suexec / php-fpm / ruid2 / php.ini / ....and more but not work. how to set open?basedir per user in httpd.conf
-
Hey there! I loaded that code into a sample file on my personal website and added the opening and closing PHP tags, and nothing was displayed in the browser or on the command line when executing that file. Can you get me more details on how you're testing this? 0 -
Sounds as you have some bad permissions set on your /home directories. This is absolutely not default behaviour :) 0
Please sign in to leave a comment.
Comments
2 comments