Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

9
  • 19
    "upload a PHP web shell and (possibly) access all websites located on that server" is it really that easy to gain access to all other websites on the same server? I guess for this to work there must be some server misconfiguration to allow such thing? Commented Mar 9, 2016 at 8:27
  • 1
    I know that with Direct Admin (out of the box) this works. But there are other ways to enumerate valid home directories / domain names when having shell on the server when these permissions are a bit more strict. Commented Mar 9, 2016 at 8:54
  • 1
    I know you don't want to advertise it, but what VPS are you referencing? "A good VPS (6GB RAM - SSD disks) can be purchased for $7 a month." Commented Mar 9, 2016 at 19:27
  • 2
    Google "VPS Dime" and you'll find it. Commented Mar 9, 2016 at 21:22
  • 1
    "I could just simply (in your case) upload a PHP web shell and (possibly) access all websites located on that server. This is even possible if file permissions are setup properly" - so are you saying that jails are inherently broken or just that some hosting providers don't use them or misconfigure (is there much to misconfigure? seems simple to me) them? Not really keeping up with current state of the art exploits, but I did assume that they worked as advertised, apart from possible bugs in some implementations which can never be excluded. Commented Mar 9, 2016 at 21:29