I built a http server under linux, and the permission to run it is root. But I found that someone can access files in other directories through url. I want to know how they do it? How do you enter URL?
I built a http server under linux, and the permission to run it is root. But I found that someone can access files in other directories through url. I want to know how they do it? How do you enter URL?
it depends on how the http server you use is implemented.
url uses a path similar to the file system, such as http://1.2.3.4/root/helloworld.txt
or http://1.2.3.4/test/../../root/helloworld.txt
point the url path to your file, and set permissions
there are many possibilities, such as
you might as well try grabbing the bag.