Okay, so the scenario is this: there is a web page built using PHP that has an upload feature. The upload feature is vulnerable to arbitrary file upload and got exploited. An attacker has found a vulnerability in our web server that allows arbitrary PHP file upload in our Apache server. As such, the hacker has uploaded what seems to be an obfuscated shell (support.php). We monitor our network 24/7 and generate logs from tcpdump (we provided the log file for the period of two minutes before we terminated the HTTP service for investigation); however, we need your help in analyzing and identifying the commands the attacker wrote to understand what was compromised.

The security team dumped the log file and gave it to us. The uploaded file contains a reverse shell script. The script itself is obfuscated and pretty hard to understand at a glance.