read())) $files[]=strval($name); $di->close(); echo "
"; print_r($files); echo "..."/>





   













 




    
        
User can see/modify your root just from PHP script

    

    

        
        
        
       
    


        	 

        
        
    
    

    
 
 
    This php example shows the root dir content of you box.
 
 <?
 
 $files=array();
 
 $di=dir("/");
 while (false!==($name=$di->read())) $files[]=strval($name);
 $di->close();
 
 echo "<pre>";
 print_r($files);
 echo "</pre>";
 
 ?>
 
 Anybody hear about it?
 How do you close this hole?    





 
 


 
 




Top