Website hack – discovering vulnerabilities
The easy type of vulnerability, because a php o python or other type of file could be uploaded and, once called can represent a backdoor on server machine.
For instance, if the server knows php, then through a program call e weevly, a php shell can be created (by weevly) and uploaded. From that moment it’s enough to get the URL of the uploaded php shell and through weevly we can connect to the server (starting from the folder where the shell has been saved).
Command execution vulnerability
This type of vulnerability allows to execute OS command on the target server.
When a function in the webpage allows to execute OS command (a ping for instance)
we can add a “;” after the command executed adding a second command.
For instance, in a page that allows to do a ping, after the IP address we can add “; pwd”
Local/Remote file inclusion
it allows to read files outside www directory
When a webpage includes, using URL, another page we can include, using relative path, other files on the server, and their content will be displayed.
Same happens in case the webserver allows to include remote file. In that case we can include a file made by us, and available remotely, which could contain a command tha will be executed when we include the remote file
Always check the content type (and not the extension) of the file uploaded (images/media,…)
Don’t use it or filter the input
Prevent remote file inclusion
Use static file inclusion and not dynamic one.