The Crew's Lounge >> there seems to be a rather big security problem with show.php
Posted by fsvara on 16:55:00 07-22-2001
i just got a pm from robert in irc. he is currently away, so i can't ask him more... he says that you can get show.php to show any part of the directory structure by giving it stuff like show.php?../../../.. and so on. He said he could see /etc/passwd that way.

Well, that's not so dangerous as /etc/passwd doesn't contain passwords, and you certainly can't get access to /etc/shadow that way, it's still worth fixing. I haven't been able to confirm that problem, I only got Ooopses.
Posted by fabs on 21:03:00 07-22-2001
34sp.com has some security. reading out /etc/passwd is not as easy as show.php?/etc/passwd because / actually refers to web/.
fabs
Posted by Peter on 11:29:00 07-23-2001
Hehe, fabs, you see those ../../../../'s? That was the problem. Bug fixed though. I made it forbidden to access anything with ../../ in it. Anyhow, that passwd file only had a list of users, the passwords weren't really there (or so it seemed)
Posted by Peter on 11:30:00 07-23-2001
Oh, fsvara, you get Ooopses because I fixed the bug. It takes you to the error whenever somebody breaks that "rule". Check show.php's source.
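
Added example, not part of the thread and not show.php's actual source (which is not shown on this page): the "../../" rule as Peter describes it, beside a check that resolves the requested path with realpath() and requires the result to stay inside the served directory. The function names, the directory layout and the sample requests are constructed for illustration.

```php
<?php
// Added example; not the forum's show.php. Paths and file names are constructed.

// The rule as Peter describes it: refuse any request containing "../../".
function blocklist_allows(string $requested): bool
{
    return strpos($requested, '../../') === false;
}

// Containment check: resolve the path, then require it to stay under the base.
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, false if missing.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Trailing separator keeps a sibling like "web-old" from matching "web".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sandbox: "$root/web" plays the role of the served directory.
$root = sys_get_temp_dir() . '/show_demo_' . getmypid();
mkdir("$root/web/docs", 0700, true);
file_put_contents("$root/web/docs/readme.txt", "public\n");
file_put_contents("$root/private.txt", "not for the web\n");

$requests = [
    'docs/readme.txt',         // normal request
    '../../../../etc/passwd',  // the pattern reported in the thread
    '../private.txt',          // one level up: no "../../" substring
    '/etc/passwd',             // absolute-looking input from fabs's post
];

foreach ($requests as $r) {
    printf("%-24s blocklist=%-5s contained=%s\n", $r,
        blocklist_allows($r) ? 'allow' : 'deny',
        resolve_inside("$root/web", $r) === null ? 'deny' : 'allow');
}

// Remove the constructed sandbox.
unlink("$root/web/docs/readme.txt"); unlink("$root/private.txt");
rmdir("$root/web/docs"); rmdir("$root/web"); rmdir($root);
```

Run with the PHP CLI (7.1 or later): the containment column allows only `docs/readme.txt`, while the substring rule also lets `../private.txt` through.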
Posted by fsvara on 11:51:00 07-23-2001
yeah, robert told me...

btw, that 'passwords (hashes) not being in /etc/passwd' is called shadow passwords.

In the old Unix days there were no computers powerful enough to crack the hashes in /etc/passwd, and programs were accessing it for random stuff like reading user IDs.

Now, everybody has the computing power to crack a pass in less than a week, so 'shadow passwords' were introduced. Instead of the password hash, the pass entry in /etc/passwd contains a "*" or "x". The password hashes are in /etc/shadow. /etc/shadow can only be read by root, so that's np.

That way, old programs will still work when they read /etc/passwd, but you have the additional security.

Every Linux sys should have that enabled, it's a real security risk otherwise, when the pass hashes are world readable.
Posted by Peter on 16:36:00 07-23-2001
cool