Thread: cPanel personal account & FTP users
View Single Post
  #3 (permalink)  
Old 05-05-2008, 08:06 PM
vittorio's Avatar
vittorio vittorio is offline
WebProWorld New Member
  

Join Date: Oct 2004
Location: Italy
Posts: 24
vittorio RepRank 0
Default Re: cPanel personal account & FTP users
Hi,
To make that more detailed and clear, suppose that I own a personal account with cPanel administration panel and my ISP allows me to issue 5 FTP accounts.

Now I will create on my related webspace a number of directories in my public_html folder nick, will, slim, incrediblehelp
... then I log in my cPanel and I assign to myaccount.domain.com/incrediblehelp an FTP account ...
...then I will give you the following :
ftp url = ftp.myaccount.domain.com
username = incrediblehelp@myaccount.domain.com
password = SeCrEt
You will be able to login via FTP and upload your files ONLY in the directory incrediblehelp
Your files will be retrievable at the url http://myaccount.domain.com/incrediblehelp/ ONLY
BUT you would also be able to upload the following file : "peep.php"
That file will have the following content :
Code:
<?# - File peep.php
highlight_file('../nick/sensible_data.php');// or worst ../../common.php
?>
All nick sensible data will be read by you.
Is there a way to avoid all that and confine your peeping into your folder ?
Without getting any help from the ISP.

Hope that scenario is now clear enough.
__________________
Php & JavaScript programmer @ pr.c-php.com/forum/
Last edited by vittorio : 05-05-2008 at 08:12 PM.
Reply With Quote