I am developing a web application and I am wondering: if someone has full read-only access to my filesystem, can this person (assuming that he is aware of everything necessary) have write access to the system?
For example, if you have a PHP script that outputs the contents of any file on the server – will someone really be able to gain write access to the system somehow? Like… can he rewrite the PHP script?
I’m talking about web servers… so both Windows & Linux related comments are welcome. Also, are there cases where the cracker could have write access to most files, but not to all on the system?
I’m just curious. To sum up: “Can a PHP local file include vulnerability ever give the cracker write access to the files?”
A malicious user could download your password file and get cracking, or perhaps read the MySQL user table and get the password for your MySQL root user. They could then use that user to gain further access using a privilege escalation exploit or something similar.
Substitute password file for registry (or SAM) and MySQL for MSSQL and the same argument works on Windows. No, it won’t be very easy but yes, they will succeed.
Do not give anyone full (read) access to your system, ever!
Perhaps. The probability of someone being able to hack your server in that situation is non-zero, therefore you cannot afford to allow such a security hole to exist. They may not be able to rewrite your PHP script, but a read-only db user can perfectly well use an exploit in the database server, for example.
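
The script the question describes (one that outputs any file the request names) beside a confined version, as an added example that is not code from the original posts. The base directory `/var/www/app/public_docs`, the `file` query parameter and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: only files under this directory may ever be served.
const PUBLIC_DOCS = '/var/www/app/public_docs';

// The pattern from the question (the request picks any file on the server):
//   readfile($_GET['file']);

/** Resolve a requested name to a real file strictly inside $baseDir, or null. */
function resolve_inside(string $baseDir, string $requested): ?string
{
    // Reject empty names, NUL bytes and stream wrappers (php://, file://, ...).
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*://#i', $requested) === 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }
    // realpath() collapses "../" and follows symlinks; false if the path does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against base plus separator so "/public_docs_old" cannot match.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

function serve_document(string $requested): void
{
    $path = resolve_inside(PUBLIC_DOCS, $requested);
    if ($path === null) {
        http_response_code(404); // same answer for "missing" and "outside base"
        return;
    }
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Accept only a scalar string parameter; arrays such as ?file[]=x are dropped.
$name = $_GET['file'] ?? '';
serve_document(is_string($name) ? $name : '');
```

Path confinement only narrows what this one script will read; the password files and database credentials mentioned in the answers should also be unreadable to the web server account itself.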