[nycbug-talk] Searching for suspect PHP files...

[Max Gribov]

Matt Juszczak wrote:
>
> perl run as the www user... well, if its being run as the www user, 
> not much they can do right?  Not with the permissions of the www user, 
> anyway.
well, you can upload a local exploit, run it as www user, gain root and 
make it bind a shell or drop in some php backdoor or whatever..

Andy made a good point about using MAC, and also you can use something 
like tripwire to check your upload dirs/web application source/etc, but 
tripwire gets pretty tedious cause someone has to parse the input..