php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15852 Displaying the file system
Submitted: 2002-03-03 20:54 UTC Modified: 2002-03-04 02:25 UTC
From: webmaster at editgroup dot com dot au Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 4.1.2 OS: Win2K
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: webmaster at editgroup dot com dot au
New email:
PHP Version: OS:

 

 [2002-03-03 20:54 UTC] webmaster at editgroup dot com dot au
A client has posted us the following code, after being able to view to complete filesystem on a Windows 2000 server we resell space on:

----------------------------------------------------
<? 
// get directory handle 
$hook = dir("c:winnt"); 

// display location 
echo "<b>Current path is $hook->path</b><br>"; 

// read directory and echo list 
while ($file=$hook->read()) 
{ 
if ($file != "." && $file != "..") 
{ 
echo "$file<br>"; 
} 
} 

// close directory 
$hook->close(); 
?> 
----------------------------------------------------

Is there anyway to protect against this, and does it represent a security flaw?

Thanks

Gary


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-04 02:25 UTC] mfischer@php.net
The bug system is not the appropriate forum for asking support
questions. For a list of a range of more appropriate places to ask
for help using PHP, please visit http://www.php.net/support.php
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 13:01:27 2024 UTC