Y
Hacker News
new
|
ask
|
show
|
jobs
by
o11c
272 days ago
Keep in mind that the stated use is cache-poisoning of automated scanners, not fooling humans.
1 comments
slow_typist
272 days ago
Humans have to put the so called php-file on the server intentionally for any subsequent attack to work. But it is a binary file.
link
h33t-l4x0r
272 days ago
I imagine it's supposed to get onto the server by an exploited vulnerable image upload plugin
link
slow_typist
271 days ago
Maybe I don’t understand the scenario fully, but under your assumption there is no need to inject the malicious webshell later.
link