Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Dec 2006
    Posts
    18
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Uploading Files and 777 Permission Security

    Hi,
    I have a form that allows users to upload only .jpg files. Somehow a hacker was able to upload a php file which in turn he/she used to send out spam mail. It later occured to me that the hacker didn't even use the form because at the time there was no way for him/her to log in and access that page. Of course, the directories where I put the images have 777 permission.

    Can a hacker remotely upload files to a 777 folder?

    Is there a way to allow users to upload images without 777 permissions?

    Thanks

  • #2
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Location
    Philadelphia, PA, USA
    Posts
    1,662
    Thanks
    14
    Thanked 76 Times in 76 Posts
    if you have a 777 folder, anyone can write to it

    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION

  • #3
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    As whizard said anyone can upload to it but something tells me your server shouldn't have allowed this. I found this thread that has a lot of useful information on it.
    http://www.sitepoint.com/forums/show....php?p=3198948
    I'm not sure how much of it will work though.

    770 might be safer permissions to use.
    Last edited by _Aerospace_Eng_; 12-28-2006 at 09:22 AM.
    ||||If you are getting paid to do a job, don't ask for help on it!||||


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •