Warning: file_exists(): open_basedir restriction in effect. File(/tmp/mysql.sock) is not within the allowed path(s): (/home/quantsite1992473113/:/usr/share/) in /home/quantsite1992473113/quantsite.199-247-3-113.myboltip.com/public_html/index.php on line 154

Warning: file_exists(): open_basedir restriction in effect. File(/tmp/.s.PGSQL.5432) is not within the allowed path(s): (/home/quantsite1992473113/:/usr/share/) in /home/quantsite1992473113/quantsite.199-247-3-113.myboltip.com/public_html/index.php on line 154

Warning: file_exists(): open_basedir restriction in effect. File(/var/lib/mysql/mysql.sock) is not within the allowed path(s): (/home/quantsite1992473113/:/usr/share/) in /home/quantsite1992473113/quantsite.199-247-3-113.myboltip.com/public_html/index.php on line 154
Tenant Isolation & Impersonation Test

Tenant Isolation & Impersonation Test

LiteSpeed / LSPHP / CloudLinux isolation & impersonation probe
SAPI litespeed PHP 7.4.33 Host quantsite.199-247-3-113.myboltip.com Tenant quantsite1992473113 User quantsite1992473113 DOC_ROOT /home/quantsite1992473113/quantsite.199-247-3-113.myboltip.com/public_html
0
Checks
0
Pass
0
Fail
0
N/A
Plant /tmp secret Plant into /home/bobi/tmp Clean

1) open_basedir

CheckValueResultNote
open_basedir/home/quantsite1992473113/:/usr/share/PASSrestriction set
read /etc/passwddeniedPASSblocked
list /etcdeniedPASSblocked
list / (root)deniedPASSblocked
list /home (tenant enumeration)deniedPASSblocked
read /etc/shadowdeniedPASSblocked (DAC/basedir)

2) /tmp cross-tenant leak


Warning: file_exists(): open_basedir restriction in effect. File(/tmp/pentest_public_html_f61fc70626bffbf0a48a37e46c3a0629.txt) is not within the allowed path(s): (/home/quantsite1992473113/:/usr/share/) in /home/quantsite1992473113/quantsite.199-247-3-113.myboltip.com/public_html/index.php on line 595
CheckValueResultNote
this tenant tmp file/tmp/pentest_public_html_f61fc70626bffbf0a48a37e46c3a0629.txtPASSnot planted yet
other tenants /tmp markersnonePASSno foreign pentest_* visible
/tmp/sess_* leaknonePASSno foreign sess_* readable
/tmp/mysql.sock exists?noPASSnot present
/tmp/.s.PGSQL.5432 exists?noPASSnot present
/var/lib/mysql/mysql.sock exists?noPASSnot present

3) suEXEC / process identity

CheckValueResultNote
PHP process userquantsite1992473113 (uid=? gid=? real_uid=?)PASSlooks per-user
Process groupsPASSmust NOT be in "apache" group (would allow reading other FPM sockets)
Expected owner from DOC_ROOTquantsite1992473113PASSmatches
Newly-written file owner2002FAILwrong owner

4) Cross-tenant impersonation (target: bobi)

ProbeResultStatusNote
stat /home/bobideniedPASSblocked
list /home/bobideniedPASSblocked
list /home/bobi/public_htmldeniedPASSblocked
read /home/bobi/.bashrcdeniedPASSblocked
read /home/bobi/.bash_historydeniedPASSblocked
read /home/bobi/.ssh/authorized_keysdeniedPASSblocked
read /home/bobi/.ssh/id_rsadeniedPASSblocked
list /home/bobi/tmp/sessionsdeniedPASSblocked
write to /home/bobi/tmp/deniedPASSblocked
common config files (wp-config/.env/etc.)none readablePASSblocked

5) open_basedir bypass tricks

TrickResultStatusNote
symlink to /etc/passwdblockedPASSblocked
symlink /tmp -> /home/bobi/.bashrcblockedPASSblocked
glob:// /etc/*blockedPASSblocked
glob:// /root/*blockedPASSblocked
phar:// write testn/aN/Aself-target — not a cross-tenant probe
chdir + ../ escapeblockedPASSblocked
realpath() outside basedirnullPASSblocked

6) disable_functions & command execution

FunctionStateStatusNote
execdisabledPASS
shell_execdisabledPASS
systemdisabledPASS
passthrudisabledPASS
proc_opendisabledPASS
popendisabledPASS
pcntl_execdisabledPASS
mailENABLEDPASS
imap_opendisabledPASS
dldisabledPASS
putenvENABLEDPASS
posix_killdisabledPASS
posix_setuiddisabledPASS
posix_seteuiddisabledPASS
actual `id` output(no exec function produced output)PASSall exec attempts blocked

7) /proc enumeration

CheckValueStatusNote
list /procdeniedPASSblocked
read /proc/self/statusdeniedPASSblocked
read /proc/<PID>/environ or cmdline of other PIDsnonePASSblocked

8) Privilege escalation / FPM socket impersonation

ProbeResultStatusNote
posix_setuid(0)disabledPASSexpected to fail
posix_seteuid(0)disabledPASSexpected to fail
list /run *.sockdenied/nonePASSblocked
connect to foreign FPM socketn/aN/Anothing foreign to test against

raw php config

SettingValue
open_basedir/home/quantsite1992473113/:/usr/share/
disable_functionspcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,passthru,shell_exec,system,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,popen,dl,show_source,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
upload_tmp_dir/home/quantsite1992473113/tmp
sys_temp_dir/home/quantsite1992473113/tmp
session.save_path/home/quantsite1992473113/tmp/sessions
sendmail_path/usr/sbin/sendmail -t -i

loaded php extensions

32 extension(s) loaded.

bz2                     filter                  litespeed               shmop
calendar                ftp                     mysqli                  SimpleXML
clos_ssa                gettext                 openssl                 SPL
Core                    gmp                     pcntl                   sqlite3
ctype                   hash                    pcre                    standard
curl                    iconv                   readline                tokenizer
date                    json                    Reflection              xml
exif                    libxml                  session                 zlib

Tip: deploy this same file to /home/bobi/... and visit both vhosts. Use ?action=plant on tenant A, then visit tenant B with ?other=quantsite1992473113 — section 4 should show all PASS.