Detecting web shells uploaded to compromised servers with Google
In this post we are going to search with Google, servers that have been compromised and they are hosting a webshell. The most common method to upload a webshell to a server is RFI (Remote
File Inclusion). RFI is a vulnerability that allows an attacker to
upload a remote file like a script or webshell. With a webshell, you can manage the server, read/create/remove files/upload files, execute commands on the remote server... The common webshells are c99.php, c100.php, r57.php. You can find servers hosting this webshells with the next google dorks
* Note that some links don't contain webshells because
administrators have removed the shell from their servers or the
webmaster are using black SEO.
Subscribe to:
Posts (Atom)
0 comments:
Never Forget To Say Thanks :D