opendir can list all files and directories!!!

Hi,

As you know, opendir() is a PHP function that is used in lots of scripts.
I just found that this function can simply list all files everywhere on the server, even outside the /home directory.

This is an example that lists files in the root directory:

PHP Code:
<?php
$dir = "/";

// Open the directory and list every entry with its type
if (is_dir($dir)) {
    if ($dh = opendir($dir)) {
        while (($file = readdir($dh)) !== false) {
            print "filename: $file : filetype: " . filetype($dir . $file) . "\n";
        }
        closedir($dh);
    }
}
?>
Also, you will have access to every file. I think this is not normal. Any idea why this happens?

PHP runs as CGI (phpsuexec) and open_basedir is enabled also.
Disabling this function in php.ini is not a good idea, as lots of scripts will fail to run.

Regards,
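
A way to check the situation described in the post, as an added example that is not part of the original post: it reports which php.ini and open_basedir value the running SAPI actually uses, and whether directories outside the account can be opened. The probe paths are constructed samples and the function name probe_dir is hypothetical.

```php
<?php
// Added diagnostic, not code from the original post.
// Request it through the same vhost/handler as the affected account, so it
// reports the settings that handler really applies.

// Constructed sample paths; adjust to the server's layout.
$probes = ['/', '/etc', '/home', __DIR__];

// Try to open a directory and say whether PHP allowed it.
function probe_dir(string $path): string
{
    $dh = @opendir($path);   // returns false on an open_basedir violation
    if ($dh === false) {
        return 'blocked (open_basedir or file permissions)';
    }
    closedir($dh);
    return 'READABLE';
}

header('Content-Type: text/plain');

$basedir = (string) ini_get('open_basedir');

printf("SAPI           : %s\n", php_sapi_name());
printf("Loaded php.ini : %s\n", php_ini_loaded_file() ?: '(none)');
printf("open_basedir   : %s\n", $basedir === '' ? '(empty: no restriction in effect)' : $basedir);
printf("Effective uid  : %s\n", function_exists('posix_geteuid') ? posix_geteuid() : 'n/a');
print "\n";

foreach ($probes as $path) {
    printf("%-20s %s\n", $path, probe_dir($path));
}
```

If open_basedir prints as empty here, the restriction is not being applied to this handler, whatever is configured elsewhere.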
