
Is there a hack to...


Floob


.. edit live files (php) directly using the web admin module.

 

The mainpage hack does just that, but for the mainpage.php only.

 

I want to do the same thing, but for any page I specify - is there such a hack?

 

It would make updates so much quicker.

 

Cheers,

 

Floob.


Hi,

 

Thanks for that - it looks pretty good.

And comes as standard!

 

Can you explain what the security risk is (how it is exploited) of having the files on 777?

 

Cheers,

 

Floob.


Hi,

Thanks for that - it looks pretty good.

And comes as standard!

 

Can you explain what the security risk is (how it is exploited) of having the files on 777?

Cheers,

Floob.

 

There are many exploits. Having files on chmod 777 means ANYBODY is allowed to write to that file. If you are on a shared server another client could go into your homedir and write to the file without problems. URL manipulation can be used for remote attackers. They write a script in that file and call it in their browser so it gets executed.

 

People with sloppy permissions ask for trouble :P

People with web based filemanagers too, or at least that's what I think.

Get SSH or TELNET access to your server and use that instead if you can.

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

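An added example, not part of the original thread or of osCommerce: a shell audit for the condition described in the reply above, listing files and directories under a web root that any account on the host can write to, with world-writable PHP files called out separately. The function names and the `WEBROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for world-writable
# files, the condition "chmod 777" creates. Function names are hypothetical.

# List regular files and directories under $1 whose "other" write bit is set,
# i.e. anything a different account on a shared host could modify.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# World-writable PHP files are the worst case: whatever gets written into
# them is executed by the web server when the URL is requested.
list_world_writable_php() {
    find "$1" -type f -name '*.php' -perm -0002 -print
}

# Count matches without relying on one-path-per-line output.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec printf x ';' \
        | wc -c | tr -d ' '
}

# Drop only the world-write bit; owner and group bits are left untouched.
strip_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Report for the directory given in WEBROOT (assumed variable), if it is set.
if [ -n "${WEBROOT:-}" ]; then
    echo "world-writable paths under $WEBROOT: $(count_world_writable "$WEBROOT")"
    list_world_writable_php "$WEBROOT" | while IFS= read -r f; do
        ls -ld "$f"
    done
fi
```

Run it as `WEBROOT=/path/to/catalog sh audit.sh` to get the report; `strip_world_write` is only called when you invoke it yourself.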

Floob wrote:

Can you explain what the security risk is (how it is exploited) of having the files on 777?

 

In short, if someone with a malicious streak got to your filemanager with all files chmod to 777...

 

You be screwed! :lookround:

 

CC.


  • 2 months later...

Archived

This topic is now archived and is closed to further replies.
