Phpsuexec

gongster · Dec 29, 2004

Hello, I would like to address a vunrability of php. From what I have read DirectAdmin does not support PHPSUEXEC.

I have a script that can read any directory on the machine just by using php. This means if another user has a forum for example. You can simply browse into his directory and view the contents of config.php and easily deface his site.

What can I do about this vunrability. I please hope that DirectAdmin can do something about this because it is a very serious problem. If there is no way to prevent this, I will not be using DirectAdmin in the future.

Thanks!

DJ_Max · Dec 30, 2004

This isn't a issue with DirectAdmin. You need to learn how to secure PHP.
http://www.webhostingtalk.com/showthread.php?s=&threadid=277411&perpage=15&pagenumber=2

You need to disable cerrtain functions that allow you to open other people directories.
The main thing is open_basedir and mod_userdir

nobaloney · Dec 31, 2004

gongster said:
Hello, I would like to address a vunrability of php. From what I have read DirectAdmin does not support PHPSUEXEC.

DirectAdmin doesn't care at all about how you set up PHP; DirectAdmin doesn't use PHP.

Jeff

Phpsuexec

gongster

Verified User

DJ_Max

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †