Posted by J.O. Aho on 09/09/06 05:21

eugene2008 wrote:
> This is the script I've checked on my VPS WIN2003 XAMPP
> http://php.spb.ru/remview/
> http://php.spb.ru/remview/screen_mainwindow.html
> http://php.spb.ru/remview/remview_2003_10_23.php
>
> tranlate from rus to eng
>
> http://tinyurl.com/mff7x
>
> and results are horrible :)))
> *complete* control over entire system - just like it would be a non GUI
> REMOTE ADMINISTRATOR...
> So, how to disallow any script to move beyond it's top/root folder?
> For instance if domain name is domen.com and it's placed in
> c:\vhosts\domen.com
> I want any script in this domain not to go upper then / root =>
> c:\vhosts\domen.com\
>
> really need help, because this is a scary stuff :)
>
>

Find the readdir() and see the name for the path variable, then locate where
the path is created, add a function that checks for your virtual root path, if
it's not there then replace the path with c:\vhosts\domen.com\


//Aho

• Next in forum: Re: Extract Content Between Style Tags with Preg and PHP
• Prev in forum: Script breaks php security on win2003 XAMPP
• Thread view: Re: Script breaks php security on win2003 XAMPP

[Reply to this message]