[nycbug-talk] Searching for suspect PHP files...
max at neuropunks.org
Tue Mar 3 17:26:28 EST 2009
Matt Juszczak wrote:
> perl run as the www user... well, if its being run as the www user,
> not much they can do right? Not with the permissions of the www user,
well, you can upload a local exploit, run it as www user, gain root and
make it bind a shell or drop in some php backdoor or whatever..
Andy made a good point about using MAC, and also you can use something
like tripwire to check your upload dirs/web application source/etc, but
tripwire gets pretty tedious cause someone has to parse the input..
More information about the talk