[WEB SECURITY] Placing shells (backdoors) at web sites

MustLive mustlive at websecurity.com.ua
Thu Feb 10 14:39:56 EST 2011

Hello participants of Mailing List.

In my article Placing shells (backdoors) at web sites
(http://websecurity.com.ua/4909/), which I published this week, I told about
methods of placing shells (backdoors) at web sites. About differences in
methods of placing of shells and in protection from them.

There are few variants of placing shells (as any other backdoors) at web
sites. First two variants are known and third variant - it's new one, which
I created last year, when found RCE vulnerability in CMS WebManager-Pro
(http://websecurity.com.ua/4696/). Similar vulnerabilities also can be in
other web applications.

Shells can be placed at the site:

1. As separate files.
2. Included into existent scripts.
3. Included into database.

In first case it can be as php and other scripts, which can execute at the
server, as files with other extensions (such as txt and others), the code in
which will execute via different vulnerabilities at the site (in web
applications or in web server).

In second case it can be any existent php and other scripts at web site and
the code of shell is including in their code. I.e. the backdoor is making in
existent code.

In third case it can be records in DB, when web applications execute code
(e.g. PHP code), which is located in this record. As it can be in case of
CMS WebManager-Pro.

First two cases concern files in file system of the server. And third case
concerns records in DBMS. And if for first two cases it's needed to have
rights on writing to file system, then in third case these rights aren't
needed - it's only needed to write data into DB. I.e. with using of third
method of placing shells (where it is applicable), it's possible to bypass
this restriction, and also to place shell more hiddenly ;-).

Best wishes & regards,
Administrator of Websecurity web site

More information about the websecurity mailing list