Admin
HTTP is a plain text protocol. It's not hard just connecting to Port 80 with telnet and sending the correct headers. Something like this should do the trick:
Admin
Not to say it's not a stupid piece of code. It would however require that the web-server ran as root to chmod /.
Admin
Eh... it's not that easy... chmod'ing "/" would only work if they had Apache (or whatever they use to serve the PHP pages) running as root which is highly unlikely. So it's not like that piece of code can be used to grant system-wide write permission.
It can be used to have write permission in anything Apache owns though.
Admin
You are all stupid. One line of a php script gives zero indication of its security.
You have no idea if $_COOKIE["$sessionid"] has already been checked or sanitised elsewhere before this line runs.
On a well-controlled dedicated server this is OK; on a shared server this is definitely a no-no, as other users would be able to read and modify your users' session data, though that may or may not be a risk, depending on the application.