i have a website, and i have a temp directory "tmp" with permissions 777 . My question is , is it possible for a hacker to remote upload a file into this tmp directory ?
Asked
Active
Viewed 248 times
0
-
Your question is unclear. Ok, I have public web-shell and web-server launched as `root`. Is it possible to do bad things? Yes, and not only with `tmp`. Or my server has `777` set on `tmp` but my LAN cable is unplugged. Is it possible to do anything? No. _Conclusion: need more details_. – Alma Do Mar 25 '14 at 13:42
-
post your ques completely – ɹɐqʞɐ zoɹǝɟ Mar 25 '14 at 13:47
1 Answers
0
Anyone can upload using your PHP form. If you're talking about, without using your PHP form the answer is NO.
What 777 says is that any user on the machine can read, write, execute and delete files in that directory. So the only way a hacker would be able to write to it without your permissions would be if they compromised a linux/unix user account that is already on the system. It's not inherently opened to the internet by having permissions of 777.
Chris
- 756
- 4
- 11