12-28-2006, 06:19 AM | #1
codegreen
Uploading Files and 777 Permission Security

Hi,
I have a form that allows users to upload only .jpg files. Somehow a hacker was able to upload a php file which in turn he/she used to send out spam mail. It later occurred to me that the hacker didn't even use the form because at the time there was no way for him/her to log in and access that page. Of course, the directories where I put the images have 777 permission.

Can a hacker remotely upload files to a 777 folder?

Is there a way to allow users to upload images without 777 permissions?

Thanks
12-28-2006, 06:23 AM | #2
whizard
If you have a 777 folder, anyone can write to it.

Dan
__________________
If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.
Step 1: Learn. Step 2: Search. Step 3: Post here.
12-28-2006, 08:51 AM | #3
_Aerospace_Eng_
As whizard said, anyone can upload to it, but something tells me your server shouldn't have allowed this. I found this thread that has a lot of useful information on it.
http://www.sitepoint.com/forums/show....php?p=3198948
I'm not sure how much of it will work though.

770 might be safer permissions to use.
__________________
||||If you are getting paid to do a job, don't ask for help on it!||||

Last edited by _Aerospace_Eng_; 12-28-2006 at 09:22 AM..
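
One way to accept JPEG uploads without a world-writable directory, as an added example that is not part of the original thread or any poster's code. It assumes the upload directory is owned by the account PHP runs as; `UPLOAD_DIR`, `MAX_BYTES`, the function name and the form field name `photo` are hypothetical.

```php
<?php
// Added example; not code from the thread. UPLOAD_DIR, MAX_BYTES and the
// form field name "photo" are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads'; // assumed path, owned by the PHP user
const MAX_BYTES  = 2 * 1024 * 1024;    // assumed size limit

function store_jpeg_upload(array $file, string $destDir = UPLOAD_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    $tmp = (string) $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('Not an accepted upload.');
    }
    // Refuse a directory that other accounts can write to (the o+w bit of 777).
    clearstatcache(true, $destDir);
    if (!is_dir($destDir) || (fileperms($destDir) & 0002) !== 0) {
        throw new RuntimeException('Upload directory is missing or world-writable.');
    }
    // Decide by content; the client-supplied name and MIME type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $info = getimagesize($tmp);
    if ($mime !== 'image/jpeg' || $info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('Only JPEG images are accepted.');
    }
    // Server-chosen name with a fixed extension, so an uploaded name such as
    // "x.php" never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store the file.');
    }
    chmod($dest, 0644); // owner-writable, readable by others
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_jpeg_upload($_FILES['photo']);
        echo 'Stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

The directory only needs to be writable by the account PHP runs as (for example mode 0750 with that account as owner); which account that is depends on how the host runs PHP.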