i have a friend who have created a website and his
database is created with text files
when php execute the code the chmod is from 000 to 755 an
and on the server the file si on 000
but is it really secure or not ?
if we don't know the files name can we download the texts files ?
( sorry for my bad english )
well im not going to say im much of a linux guru on the file chmod and permission attributes but what type of db does he use and does it do any queries from the dbms or are they flat file databases? ie a text file
there is no database
depending on the php code and the webserver you may be able to do a file inclusion vulnerability and try to take over the server go to www root
and locate the text file names then download them
or just try to use a brute force directory tool see if it can grab the names of the files
honestly not sure just trying to be helpful
he disallow the rights files on the server
i'm going to try with a brutforce to grab the files