By ekabanov
via dow.ngra.de
Published: Nov 04 2008 / 12:40
About 10 years ago a friend of mine showed me an exploit. It was written in C and it tried to spawn a shell at a remote host. It seemed pretty cool. I did not understand the code but the mere idea that almost anybody equipped with a script like that could deface a webpage seemed scary.
Comments
ashiro replied ago:
I was a script kiddie once - until I became respectable! In my day we didn't have fancy stuff like that.
rkg replied ago:
Solutions: Chroot your web server. Avoid any suid/sgid tool inside the chroot. Use fastcgi (Lighttpd works OK for me) and let every domain run its own sockets with its own user. This is a nice guide about it:
http://redmine.lighttpd.net/wiki/lighttpd/HowToSetupFastCgiIndividualPermissions
Be careful also with MySQL permissions. End of problem.
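An added example, not part of rkg's comment or the linked guide: a Python audit of a chroot tree for the two conditions the comment names, suid/sgid files inside the chroot and FastCGI sockets that are not isolated per user. The function name `audit_chroot` and the finding messages are hypothetical.

```python
import os
import stat
import sys
from collections import defaultdict


def audit_chroot(chroot_dir):
    """Return (suid_sgid_files, socket_findings) for a chroot tree."""
    suid_sgid = []
    findings = []
    sockets_by_uid = defaultdict(list)
    for root, _dirs, files in os.walk(chroot_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                # A suid/sgid binary gives code running in the jail a way to change identity.
                suid_sgid.append(path)
            elif stat.S_ISSOCK(st.st_mode):
                sockets_by_uid[st.st_uid].append(path)
                if st.st_mode & stat.S_IRWXO:
                    findings.append((path, "socket is accessible to other users"))
    # Each domain should own its socket under its own user, so one uid
    # owning several sockets means the domains are not separated.
    for uid, paths in sockets_by_uid.items():
        if len(paths) > 1:
            for p in sorted(paths):
                findings.append((p, f"socket owner uid {uid} is shared with another socket"))
    return sorted(suid_sgid), findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_chroot.py <chroot-dir>")
    suid_files, socket_findings = audit_chroot(sys.argv[1])
    for path in suid_files:
        print(f"suid/sgid file inside chroot: {path}")
    for path, reason in socket_findings:
        print(f"{path}: {reason}")
    sys.exit(1 if suid_files or socket_findings else 0)
```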
antych replied ago:
behold the power of PHP ;)
this is quite impressive