问题
I'm with a web application that let anonymous users to upload images, transform them and get them later. I have a directory with www-data group owner and 1770 permissions, where the images are uploaded. In Apache configuration, AllowOverride set to none and Options to -Indexes.
The input validation is controlled, so would be difficult to exploit.
The question is:
How could anyone write files in that directory (if input validation is controlled), where Apache user has permissions to do it?
And what changes when the permissions are set to 777?
来源:https://stackoverflow.com/questions/19538791/how-can-an-apache-user-write-files-when-having-permissions-to-do-it