I have a question about the security of a server when the 777 Permissions are open.
This is the code:
<?php
// collect the cookie - save the data
if(!isset($_COOKIE["markertype"])) {
echo "Cookie named markertype is not set!";
} else {
echo "Cookie markertype is set!<br>";
echo "Value is: " . $_COOKIE["markertype"];
$file = 'newfile.txt';
// Open the file to get existing content
$current = file_get_contents($file);
// Append a new person to the file
$current .= $_COOKIE["markertype"];
// Write the contents back to the file
file_put_contents($file, $current);
}
?>
Basically the system allows users to do stuff in javascript, I then set a cookie in JS with some user information that they put in the system. I then send that to PHP via a cookie to store this information on the server. The problem was that the server didn't have the permission to write to a file, so i proceeded to give full 777 access to the entire directory.
I think this opens me up to full XSS attacks and more, what is my alternative or can i secure the server in a different way? the server is NOT mine, therefore I only have certain access.
