[CentOS] Permissions for LAMP
John R Pierce
pierce at hogranch.com
Sat Jan 25 17:55:25 UTC 2014
On 1/25/2014 6:12 AM, Joseph Hesse wrote:
> For my understanding, please tell me what a bad guy would have to do to
> exploit apache having read/write permission.
A) exploit a bug in PHP or Apache, perhaps known but not yet patched, or
totally unknown
B) corrupt a database via a SQL Injection Exploit (see
http://xkcd.com/327/ ), thence triggering a bug in your PHP code
C) take advantage of poorly written php or whatever code that allows a
page to be uploaded (such as a photo attachment feature on a blog's
comment engine), then manage to invoke and execute that 'picture' which
turns out to be evil php code, now running as apache on your system.
D) ??? its amazing how resourceful starving 3rd world geeks are when
money is put in front of them by mobsters.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
More information about the CentOS
mailing list