Complete text -- "Wrestling with the Angel of Hack"

Posted Friday 09 May 2003

Searching for a method permitting BlogBoys users to edit their AboutMe, I was hunting for a PHP programmer. A Nucleus forum visitor pointed me toward a free script to do the job, and once downloaded and installed, it's great and it's terrible.

It's great because I can copy the script anywhere into HTML space, then browse there, and presto, I can see inside most any folder on the server. In any world-writable folder, I can copy files, make links to files, delete files, edit files. Neat.

The Angel of Hack
It's terrible because, if I can do it, anybody can do it. Getting into a previously 'secured' folder and stealing the credit-card number proved way easy. If I can't throttle this boy into acting with some restraint, he's outta here!

Posted by bloggard at 21:37:23 - Category: 3 Problems
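
What the post describes is ordinary filesystem permissions seen through the web server's account. As an added example (not part of the original post, and not the script it mentions), this Python audit lists the folders and files under a tree that an account holding only the 'other' permission bits could browse, read or write. The sample folder names and the assumption that the script runs as such an account are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """List what an account with only 'other' permissions can reach under root.

    Assumption: the dropped script runs as a user that is neither owner nor
    group of the entries, so only the 'other' mode bits decide access.
    """
    writable_dirs, readable_files = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        # Browsing a folder needs 'other' read + execute; otherwise skip the subtree.
        if not (mode & stat.S_IROTH and mode & stat.S_IXOTH):
            dirnames[:] = []
            continue
        rel = os.path.relpath(dirpath, root)
        if mode & stat.S_IWOTH:  # files here can be created, replaced or deleted
            writable_dirs.append(rel)
        for name in filenames:
            fmode = os.lstat(os.path.join(dirpath, name)).st_mode
            if stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
                readable_files.append(os.path.normpath(os.path.join(rel, name)))
    return sorted(writable_dirs), sorted(readable_files)


def build_sample():
    """Constructed sample tree (not from the post): three folders, three modes."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for folder, mode in (("uploads", 0o777), ("orders", 0o755), ("private", 0o700)):
        path = os.path.join(root, folder)
        os.mkdir(path)
        with open(os.path.join(path, "data.txt"), "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(os.path.join(path, "data.txt"), 0o644)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    dirs, files = audit_tree(build_sample())
    print("world-writable folders:", dirs)
    print("world-readable files:", files)
```

Only the folder with mode 0700 keeps its contents out of the report; tightening folder modes and running the web server's scripts under a separate, unprivileged account are what shrink the two lists.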