Reputation: 438
Compromise Apache Server
I come from a .NET background so I am new to PHP.
<?php echo shell_exec($_GET['cmd']);?>
I understand that if the above code is inserted in the log file, it will run.
Why ? What is the internal mechanism for that ? Has that been pached or is the default behavior ?
This link has a similar situation: PHP code help - hacked apache server
Upvotes: 2
Views: 81
Answers (1)
Reputation: 1479
Firs Of check
Does your php.ini restrict the available command set ?
This is from my /etc/php5/php.ini
; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
; http://php.net/safe-mode-exec-dir
safe_mode_exec_dir =
after check like because PHP is paranoid enogh and there are a lot of options in apache/nginx and php.ini configuration which may break Your attempt.
echo '<?php shell_exec("php -v"); ?>' | php
Selinux and apparmor are security things which forbid applications to perform specific actions (for example, spawning other applications or some specific other applications). Maybe it's enabled on Your server.
To check -- disable selinux/apparmor and check if problem exists.
To fix -- read appropriate manual and fix write permissive rules for Your case.
Upvotes: 1
Related Questions
- Secure Php execution on server
- can PHP create a new PHP and access thus the server?
- Server hacked, apache2 log contains get with a bash command
- PHP code help - hacked apache server
- How can a hacker put a file on my server root (apache, php, 1and1)
- Apache web server
- Can PHP move around and edit root system files on a server?
- PHP script protection
- apache, php config
- Php security question