CPANEL user has access to root folder via PHP
How that is possible:
1. I add a new account to my WHM
2. Log into FTP with the CPANEL credentials
3. I upload a php file with:
<?php
$dir = '/';
$files1 = scandir($dir);
print_r($files1);
echo file_get_contents('/razor-agent.log');
?>
4. Then I can see the files/folders and also can read them?
How can I prevenet doing that.
Thanks!
-
Hey there! This seems like normal behavior to me. A user will frequently have read access to areas outside their home directory, which is necessary in order for things like PHP to function properly.
0 -
Oh okey, thanks for the info.
It just rise some security questions to me.
But if you say it is normal, then I am happy.
1
Please sign in to leave a comment.
Comments
2 comments