07-09-2007, 09:37 AM
Lee
Quote:
Originally Posted by ScottHughes View Post
I understand that 777 gives full rights to everyone, but how does it let people hack into your system? How can we make sure the file or folder is secure?
You need to make sure you filter your inputs. If a username is put in a text box, unless you filter/validate it, it may contain a command which could get all the information from your database. Have a look around Google for security on protecting against SQL injections, shell attacks, etc.

As far as the shell goes, there has to be a way to upload. Like on one version of phpBB, I think it was 2.0.10 and below (that's a think), you could upload a shell as a .gif file, and when the hacker loads the shell it would load as it should, allowing them to browse your files and get to your databases and steal/destroy a lot of things.

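One way to handle the upload case described in the post above, as an added example that is not part of the original post or of phpBB's code: the handler checks the file's bytes, picks the stored name itself, and sets non-executable permissions instead of 777. The function name `store_gif_upload`, the directory names and the sample files are hypothetical and constructed for the example.

```php
<?php
// Added example, not from the original post. Names and paths are hypothetical.
function store_gif_upload(string $tmpPath, string $uploadDir): string
{
    // 1. Judge the file by its bytes, not by the client-supplied name or MIME type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== IMAGETYPE_GIF) {
        throw new RuntimeException('Rejected: content is not a GIF image');
    }

    // 2. A header check does not prove the rest of the file is harmless, so the
    //    server chooses the stored name and a fixed extension. The client never
    //    controls whether the web server treats the file as a script.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.gif';

    // 3. A real handler would call move_uploaded_file($_FILES['f']['tmp_name'], $dest);
    //    copy() is used here so the example runs from the command line.
    if (!copy($tmpPath, $dest)) {
        throw new RuntimeException('Could not store upload');
    }

    // 4. Owner read/write, everyone else read-only, nobody execute (not 777).
    chmod($dest, 0644);
    return $dest;
}

// --- Constructed sample inputs ---
$dir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($dir, 0755); // upload directory: writable by its owner only

$realGif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($realGif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));

$fakeGif = tempnam(sys_get_temp_dir(), 'up'); // text that only claims to be a GIF
file_put_contents($fakeGif, 'plain text pretending to be avatar.gif (constructed)');

$stored = store_gif_upload($realGif, $dir);
printf("stored %s with mode %o\n", basename($stored), fileperms($stored) & 0777);

try {
    store_gif_upload($fakeGif, $dir);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The upload directory should also sit outside the web root or have script execution disabled in the web server configuration, so a stored file is only ever served as static content.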