Htaccess Web Shell
Via Mubix I have found this post that describes a new way to upload a web shell to a server.
This method uploads .htaccess files to change how the server behaves. The nice trick here is that the file itself:
- Allows the .htaccess files to be displayed
- Tells Apache that the contents of the .htaccess files must be interpreted by PHP (the file itself will be executed by the PHP interpreter)
- Contains, in its last part, PHP code that will pass commands to the operating system.
As a side note, the author comments that this trick can also be applied to jsp and mod_perl installations.
Some information on securing file uploads, from OWASP.
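For defenders, a small scanner that flags .htaccess files showing the three traits listed above. This is an added example, not code from the original post; the regexes, function names and sample files are assumptions of the example, and the suspicious sample is constructed and carries no payload.

```python
import os
import re

# Heuristic patterns for the three traits listed above (assumptions of this example).
CHECKS = {
    # A <Files>/<FilesMatch> block that targets .ht* names and grants access.
    "exposes_ht_files": re.compile(
        r"<Files(?:Match)?\b[^>]*\.ht[^>]*>[^<]*?"
        r"(?:Allow\s+from\s+all|Require\s+all\s+granted)", re.I),
    # AddType/AddHandler that binds the .htaccess (or .ht*) name to a handler.
    "maps_htaccess_to_handler": re.compile(
        r"^[ \t]*(?:AddType|AddHandler)\b[^\n#]*\.ht(?:access)?\b", re.I | re.M),
    # Script open tags do not belong in an Apache config file, even in comments.
    "embedded_script": re.compile(r"<\?(?:php|=)|<%", re.I),
}

def scan_htaccess(text):
    """Return the sorted names of the checks that fire on one file's content."""
    return sorted(name for name, rx in CHECKS.items() if rx.search(text))

def scan_tree(root):
    """Walk root and map each flagged .htaccess path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings = scan_htaccess(fh.read())
            if findings:
                report[path] = findings
    return report

# Constructed samples: a routine file and an inert file carrying the three traits.
BENIGN = "Options -Indexes\nRewriteEngine On\nRewriteRule ^old$ /new [R=301,L]\n"
SUSPICIOUS = r'''<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess
# <?php /* inert placeholder, no payload */ ?>
'''

if __name__ == "__main__":
    print(scan_htaccess(BENIGN))
    print(scan_htaccess(SUSPICIOUS))
```

Pointing `scan_tree` at upload directories is the natural use; any .htaccess appearing there at all is worth a look when overrides are not expected in that location.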