Re: Permissions for LAMP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 1/25/2014 6:12 AM, Joseph Hesse wrote:
> For my understanding, please tell me what a bad guy would have to do to
> exploit apache having read/write permission.

A) exploit a bug in PHP or Apache, perhaps known but not yet patched, or 
totally unknown

B) corrupt a database via a SQL Injection Exploit (see 
http://xkcd.com/327/ ), thence triggering a bug in your PHP code

C) take advantage of poorly written php or whatever code that allows a 
page to be uploaded (such as a photo attachment feature on a blog's 
comment engine), then manage to invoke and execute that 'picture' which 
turns out to be evil php code, now running as apache on your system.

D) ???     its amazing how resourceful starving 3rd world geeks are when 
money is put in front of them by mobsters.



-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux