It's not normally the default, but there's a world of bad advice out there telling people to chmod everything to 777 so that their PHP CMS can upload files.
Hell, Wordpress recommends against it (and still doesn't do a great job explaining): https://codex.wordpress.org/Changing_File_Permissions#The_da... -- probably because people keep suggesting it. A search for "chmod 777" brings up plenty of examples.
Even chroot will mitigate this, but e.g. reseller types quite often don't have that level of competence.
from Hacker News - New Comments: "WordPress" http://bit.ly/2RKoeRH
via IFTTT
No comments:
Post a Comment