I know it is not right to set a permission for the folder as 777, but if it is done so will it be possible to upload a file into that directory without ftp access ? Here is what I mean
Lets say the directory listing is not disabled from apache config, and I can access the folder by ip from the browser, like (im trying from my Win PC connecting to linux in vmware)
http://ift.tt/1BSnKtb
and lets assume this public folder has 777 permission. Can I somehow(using php or anything else) create file test.php in that folder. I tried smth like (running this from localhost of the Windows)
file_put_contents('http://ift.tt/1DOsbol', 'test file')
but I get warning
failed to open stream: HTTP wrapper does not support writeable connections in
I do not know if this is even possible. And if these is not, then what harm possible attacker can do if I have a directory like that with public write access. considering that there is no ftp access.
Thanks
Aucun commentaire:
Enregistrer un commentaire