Highest Voted 'file-access' Questions - IT Security Stack Exchange

1

vote

2 answers

What can a site visitor do with a 777 file on my web server?

Sometimes I prefer working with text files instead of database as I can later manually edit the file content. Imagine I have created a text file blacklist and chmodded it to 777. Let's say it is accessible at…

webserver file-access

asked Nov 14 '18 at 13:56

Mehdi Haghgoo

233
1
2
6

1

vote

1 answer

How to deny execution of any file on a specific directory?

I built a form that lets the user to upload files to a specific directory (apache2, php). I already limited file type and did some other security things. But I would anyway also like to deny the execution of those files to all. They're meant to be…

php apache file-upload file-access htaccess

asked May 29 '18 at 09:10

Luca Reghellin

111
2

1

vote

1 answer

How secure is it to store passwords in a non-accessible file?

So, I was thinking about workarounds for saving passwords in text files (just because I'm curious), and I thought, what if I saved my file somewhere that is non-accessible? My server has a public_html folder where all of the code lies, however, I…

passwords php webserver file-system file-access

asked Mar 19 '18 at 00:21

Joshua Sparkel

25
2

1

vote

1 answer

How can I capture files malware creates and then deletes?

Malware on Windows often creates and deletes files. How can I capture the files it creates if it deletes them too quickly to copy?

malware windows forensics file-system file-access

asked Jul 06 '17 at 11:14

Mars

11
2

1

vote

0 answers

user permissions and nginx with git hook for deployment

So I am trying to set up a webserver which will use nginx to serve a static site (for now). I set up a git repo that I want to push to in order to make deployment easy (using this guide:…

permissions file-access nginx

asked May 14 '17 at 02:45

someguyquestions

11
2

1

vote

1 answer

How would rw permissions on an Apache directory actually be compromised?

I have a directory on an Apache server dedicated to serving images, and I have those images rw for www-data (Apache process runs as www-data). I've configured it like this, because in the authenticated part of the site (which runs Django), I have…

apache file-access

asked Mar 13 '17 at 10:09

trajekolus

111
1

1

vote

3 answers

Rationale behind SELinux preventing file access

Some of the few times I've had to deal with SELinux were when I setup a local webserver on a Fedora box. Problems occurred when a web application tried to write files to the file system. I'm used to setting up Posix file permissions properly, so one…

file-access selinux

asked Mar 07 '17 at 16:16

aross

131
8

1

vote

1 answer

Shellcode for higher file privileges

I'm learning exploits from the book Hacking: The Art of Exploitation. The shellcode below was written to enable higher privilege access to…

windows exploit file-access

asked May 16 '12 at 02:14

b3l4rus

11
2

1

vote

1 answer

How did stuxnet hid it's files after the infection?

I've noticed that when ~WTR4141.tmp is loaded, it doesn't set hidden file attributes to .lnk files and on the other .tmp rootkit file of the Stuxnet bundle. I've seen that these are all the possible file attributes on Windows: Let- Bit ter …

virus file-system file-access

asked Jan 30 '17 at 23:17

Zlatan Omerović

113
4

1

vote

1 answer

Should pypi subdirectories be accessible from web browser?

I am a security researcher and when I was fingerprinting one web application I found out that all the subdirectories of domain.com/pypi were accessible from the web browser. The main directory pypi returns 403 Forbidden when I try to access it but…

web-application penetration-test python file-access

asked Jun 29 '16 at 19:39

Niemand

13
3

1

vote

0 answers

File sharing solution with approval workflow

Is there any solution out anyone is aware of that does secure file sharing but with the facility of an approval workflow. A case being a person can upload a file to the secure file sharing solution but requires an approval to actually be added to…

data-leakage file-upload file-access

asked Jun 24 '16 at 07:08

Potta Pitot

33
4

1

vote

5 answers

blocking direct access to files via url input while still allowing a script on server to access files

I am trying to accomplish the following and have been unsuccessful. I would appreciate any insight. Scenario: http://www.mydomain.com/filename.html is a webpage. On this webpage I am running a viewer script that calls up documents (.png,swf, pdf)…

webserver file-access obscurity

asked Mar 02 '12 at 22:19

Tracy

11
1
1
2

1

vote

2 answers

Protect Public Directories Linux

Just for a brief overview. I have a system that can generate invoices and has a login system for a user to generate his/her invoices. Lets say the platform resides at /platform and the invoices in /platform/invoices and the platform is at the domain…

linux file-access directory-traversal

asked Mar 17 '16 at 09:39

The Humble Rat

113
4

1

vote

0 answers

Why doesn't homebrew fix file access problems by itself?

Before I took ownership of /usr/local, "brew link" caused a "/usr/local/..." not writeable. Is there any particular security reason why the program didn't say something like "The operating system won't let me write to this folder, but I think I can…

access-control macos file-access

asked Mar 11 '16 at 21:06

moonman239

121
4

1

vote

1 answer

Is it possible to log all file reads performed by an application in Windows 7?

I have a piece of software I'm supposed to be running on my computer. The only thing I'm slightly worried about is the files it reads, as it's closed-source and slightly fishy. I know it's not malware, but I'd like to see if it accesses, for…

privacy logging file-access

asked Oct 29 '15 at 06:40

PurkkaKoodari

281
1
8

Questions tagged [file-access]