FreeBSD 6.3 installation hacked
Leandro Quibem Magnabosco
leandro.magnabosco at fcdl-sc.org.br
Tue Sep 22 12:58:20 UTC 2009
Aflatoon Aflatooni escreveu:
> I found a script in /tmp directory which could have been uploaded using php or Java.
> How would they execute the code in /tmp directory?
>
> Thanks
>
>
You can execute files from scripts or from apache itself when they are
scripts.
There are several programming/scripting languages that are accessible by
web and those are the ones that an intruder will have to use to exploit
some scenario like yours.
Take some time to read this doc:
http://www.dataloss.net/papers/how.defaced.apache.org.txt
It is pretty interesting as, unfortunately, it suits the same scenario
you, unintentionally, created for the hackers.
Cheers,
--
Leandro Quibem Magnabosco.
More information about the freebsd-questions
mailing list