Hello,
I am just wondering what kind of security Plesk Panel is trying to reach with things like open_basedir etc.
As an attacker, if I can execute PHP on the server, I can just execute a perl script which then can read all dirs/files that are readable by apache from the COMPLETE server. There is as far as I know no way to prevent this with only Plesk configuration.
So basically I try to break into some CMS like WordPress, upload a PHP script with it, and then I have a whole lot more possibilities than "just" messing with the httpdocs folder.
This will of course work if Perl is DISABLED for the domain.
Feedback from the Plesk team is greatly appreciated.
If anyone is concerned about his/her security and doesn't know how to fix issues like this, you can contact me via PM.
Best
Mario
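The gap the post describes comes from open_basedir applying only to PHP's own file functions, not to programs PHP starts. As an added example that is not part of the original post, this sketch audits php.ini text for that condition; the function list and sample paths are assumptions, and the list is not exhaustive.

```python
# Added example (not from the post): flag php.ini settings where open_basedir
# is set but PHP can still spawn external processes, which are not bound by it.
# Assumed, non-exhaustive list of PHP functions that start external programs
# (disabling shell_exec also disables the backtick operator).
PROCESS_FUNCS = ("exec", "passthru", "shell_exec", "system",
                 "proc_open", "popen", "pcntl_exec")

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment, section header, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        if value[:1] == '"':
            value = value[1:].split('"', 1)[0]      # quoted: keep text inside quotes
        else:
            value = value.split(";", 1)[0].strip()  # unquoted: drop inline comment
        settings[key.lower()] = value
    return settings

def audit(text):
    """Report whether the open_basedir restriction can be sidestepped."""
    ini = parse_ini(text)
    basedir = ini.get("open_basedir", "")
    disabled = {f.strip().lower() for f in ini.get("disable_functions", "").split(",")}
    exposed = [f for f in PROCESS_FUNCS if f not in disabled]
    return {"open_basedir": basedir or None,
            "exposed": exposed,
            "confined": bool(basedir) and not exposed}

# Constructed sample configurations (paths are placeholders).
WEAK_INI = """
[PHP]
open_basedir = "/var/www/vhosts/example.test/:/tmp/"
disable_functions =   ; nothing disabled
"""
HARDENED_INI = """
[PHP]
open_basedir = "/var/www/vhosts/example.test/:/tmp/"
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(text))
```

A `confined` result of `False` with a non-empty `open_basedir` means the directory restriction is in place but the listed functions in `exposed` still allow leaving it.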