Security Basics mailing list archives
Re: How webpage defacement possible just using web hacking?
From: Eduardo Kienetz <eduardok () gmail com>
Date: Wed, 9 Mar 2005 21:06:38 -0300
On Wed, 09 Mar 2005 23:45:53 +0000, Monty Ree <chulmin2 () hotmail com> wrote:
Hello, Eduardo Kienetz . Thanks for your kind reply about allow_url_fopen. As I know, if he(she) can use allow_url_fopen vuln. to execute some code, he is just nobody not root. Nobody can't change user's index.html or index.php directly because the owner of the index.* is not nobody and the permission is not writable. Am I wrong? Thanks in advance.
Well, you are right up to that point. But, if he/she is able to use that vuln. then it is able to scan the whole system, in Readable files, looking for database passwords or some other vulnerabilty. I would read all log files (especially apache log files) looking for some different pattern. Try searching for: "ls", "cat" Regards, -- Eduardo Bacchi Kienetz http://www.noticiaslinux.com.br/eduardo/
Current thread:
- How webpage defacement possible just using web hacking? Monty Ree (Mar 08)
- Re: How webpage defacement possible just using web hacking? Eduardo Kienetz (Mar 09)
- Message not available
- Re: How webpage defacement possible just using web hacking? Eduardo Kienetz (Mar 10)
- Message not available
- Re: How webpage defacement possible just using web hacking? Eduardo Kienetz (Mar 09)
- <Possible follow-ups>
- RE: How webpage defacement possible just using web hacking? Hamish Stanaway (Mar 09)