Posted by "Richard Lynch" on 10/14/05 22:37

On Thu, October 13, 2005 4:05 pm, Graham Anderson wrote:
> How does a hacker get access to your scripts located outside the web
> folder?

Several obvious options:

1. Get an account on the machine, and write another PHP script to read
it.

2. Find some other script on the machine that will cheerfully dump out
any path you ask for:
<?php include $_GET['hack_me']?>

3. Guess/Get the username/password of the webmaster.

4. Find somebody hosted on a Windows box. Break the Windows security
with any of the 2 zillion scripts to do that.

5. Physical access to the box. If he can touch the hardware, it's
game over.

There are presumably more arcane and obscure methods that might have
been employed.

> I asked a friend to hack my php script within the web folder...
>
> all of my crucial function were called by:
> require_once("/home/siren/includes/fonovisa.inc");
> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>
> He was able to get access to the 'fonovisa.inc' php script [outside
> the web folder] and all the stuff inside

Ask your friend how they did it.

Plug that hole, and any similar-shaped holes.

Repeat.

> Based on my current knowledge, my security breaches are probably big
> enough to drive a truck through :(
>
> how can I prevent this ?

Without knowing which way they got in, nobody can answer this.

It's like this:
A burglar stole my silverware!
How do I stop this from happening again?

Nobody can answer that.

> elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
> freadMovie($_REQUEST['path']);

Okay, this sure looks like it might be #2 from above. Depends on how
freadMovie() is written.

> //-------------------------
> // Santize the variables to prevent mysql injection and trim them
> function sanitizeVars()

You specifically protect against MySQL injection in a script that
doesn't seem to do anything with MySQL...

But do NOTHING to protect against shell arguments.

What's wrong in this picture? :-)
Or should I say what's wrong in this Movie? :-) :-) :-)

--
Like Music?
http://l-i-e.com/artists.htm

• Next in forum: editor
• Prev in forum: Re: [PHP] Obsession with BC, take 2
• Thread view: Re: [PHP] prevent user from getting scripts outside the web folder

[Reply to this message]