PHP accessing restricted directories?


jebster
02-26-2006, 05:46 AM
This is not really a coding help kinda post or anything, so I figured I should post it here :confused: Feel free to move it if I am mistaken.

I wrote a simple script once that was simply made to browse the computer it was on, and you could view or copy files and various pointless things like that. But I was playing around with it, and noticed it let me browse directories that normally give you the "Access Denied" error when using explorer to browse them. I could copy files and do whatever I please with PHP. It even worked when I was logged on as a normal user and was browsing an Admin's directory. I figured maybe it was just explorer blocking normal attempts to view those directories and PHP didn't recognize that it was restricted or something, so, I (with my limited knowledge) made a simple C program to see if it could access those directories, and the program would just crash (like I said, limited :p) when it tried, but would work fine in non-protected dirs.

This some sorta security vulnerability or what? Or are there other ways to get around it?

This just came back to my attention recently cause WinXP crapped out on me, and won't boot anymore, and my files are in my user dir and I am trying to think of ways of getting my data back :bemused:

Oh, and the directories I am referring to are "C:/Documents and Settings/Username/"

MarkR
02-26-2006, 01:08 PM
PHP runs with whatever permission the user or account it's running under has. This applies in Windows, Unix or anything else.

Perhaps you were running PHP under a web server running as a privileged account?

Alternatively, perhaps those directories were protected using some lame third party windows explorer shell extension that doesn't affect other programs?

Were the directories protected by ACLs, Windows file encryption, or something else? If so, what?

Mark

jebster
02-26-2006, 07:51 PM
> PHP runs with whatever permission the user or account it's running under has. This applies in Windows, Unix or anything else.
>
> Perhaps you were running PHP under a web server running as a privileged account?

Like I said, it works just the same when running on a restricted account as it does on an administrator account. :confused:

> Alternatively, perhaps those directories were protected using some lame third party windows explorer shell extension that doesn't affect other programs?

If they are 3rd party, they came with WinXP Home, cause I didn't install anything.

> Were the directories protected by ACLs, Windows file encryption, or something else? If so, what?

No idea, but considering when I copy the files with PHP I can run the files fine, so I doubt there is any encryption.


But try it yourself, even as the admin, try to view another admin's files (C:/Documents and Settings/Some Other Admin/) and you will get "Access Denied". And my simple C program couldn't read anything in there either, so far, the only thing that I can find that can, is PHP.

blackhorse
03-04-2006, 02:11 AM
If your server administrator sets this up in the virtual block for your site

php_admin_value open_basedir

and limits it to your directory only, it will not be so easy for you to use PHP to read other people's directories.
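
MarkR's question (which account is PHP actually running as?) and blackhorse's open_basedir suggestion can both be checked from inside PHP itself. The script below is an added example, not code from anyone in this thread; the function names and the sample target path are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added diagnostic, not from the thread: show the identity and limits the
// PHP process really has, then test access to one directory.

// Assumption: edit this path to the directory you are investigating.
$target = 'C:/Documents and Settings/Username/';

// Account the PHP *process* runs as (under a web server this is the
// server's service account, not the person logged in at the desktop).
function process_account(): string
{
    if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
        $pw = posix_getpwuid(posix_geteuid());
        return $pw['name'] ?? (string) posix_geteuid();
    }
    // Windows has no posix extension; fall back to the process environment.
    $user = getenv('USERNAME');
    return $user !== false ? $user : 'unknown';
}

function access_report(string $dir): array
{
    $basedir = ini_get('open_basedir');
    // Warnings are suppressed: a denied or open_basedir-blocked path
    // simply comes back as false.
    $listing = @scandir($dir);
    return [
        'sapi'            => PHP_SAPI,
        'process_account' => process_account(),
        // get_current_user() is the owner of this script file, which is
        // often mistaken for the account PHP runs as.
        'script_owner'    => get_current_user(),
        'open_basedir'    => ($basedir === '' || $basedir === false)
                                 ? '(not set)' : $basedir,
        'target'          => $dir,
        'is_readable'     => @is_readable($dir),
        'listable'        => $listing !== false,
    ];
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
foreach (access_report($target) as $key => $value) {
    printf("%-16s %s\n", $key, is_bool($value) ? ($value ? 'yes' : 'no') : $value);
}
```

Run it once through the web server and once from the command line as the restricted user; a different `process_account` or `listable` result between the two runs shows that the access comes from the account the server runs under.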