posix_getwuid (3 posts)

  1. posix_getwuid
    Posted 4 years ago #

    A roguish user who can not get back the list of the users via the file / etc. / passwd refreshed of another possibility: he can enumerate them with the function posix_getpwuid (). He questions the system for every ID and so reconstitutes a list of the local users.

    for ($i = 0; $i < 6000; $i++)
    if (($tab = @posix_getpwuid($i)) != NULL)
    echo $tab['name'].":";
    echo $tab['passwd'].":";
    echo $tab['uid'].":";
    echo $tab['gid'].":";
    echo $tab['gecos'].":";
    echo $tab['dir'].":";
    echo $tab['shell']."

    This function posix_getpwuid is used by WordPress and is a very important fault of security of WordPress.

  2. Nerx
    Posted 4 years ago #

    I doubt it disturbs index.php or the wp_admin functions by anyway in the security.

  3. Samuel B
    Posted 4 years ago #

    if you think there is a security problem

Topic Closed

This topic has been closed to new replies.

About this Topic