On 1/25/2014 6:12 AM, Joseph Hesse wrote:
> For my understanding, please tell me what a bad guy would have to do to
> exploit apache having read/write permission.
A) exploit a bug in PHP or Apache, perhaps known but not yet patched, or
totally unknown
B) corrupt a database via a SQL Injection Exploit (see
http://xkcd.com/327/ ), thence triggering a bug in your PHP code
C) take advantage of poorly written php or whatever code that allows a
page to be uploaded (such as a photo attachment feature on a blog's
comment engine), then manage to invoke and execute that 'picture' which
turns out to be evil php code, now running as apache on your system.
D) ??? its amazing how resourceful starving 3rd world geeks are when
money is put in front of them by mobsters.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
