سؤال
Just experimenting with stuff :)
I created a new directory and did chmod 777 (made it publicly writable)
Now suppose i don't have access to the server where this directory is. I tried the following:
file_put_content('http://myserver.com/writabledir/newfile.txt', "my newfile file contents"); (I am a PHP user). // didn't work as HTTP wrapper is not supported.
I used javascript to upload file to the same writable dir. I get a CORS error.
Now that i could not upload any file to this public writable directory. Could someone point out how can one misuse the public writable directories?
المحلول
Could someone point out how can one misuse the public writable directories?
In and of itself? They can't misuse them. In conjunction with other features (or vulnerabilities), it makes exploitation easier.
That's the entire answer. We could dive into hypothetical scenarios and discuss various threat models, but ultimately, recommendations to make your publicly accessible directories read-only come from a position of "don't take unnecessary risks".
It's a strong position to be in.
https://stackoverflow.com/questions/21840507
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian