Y
Hacker News
new
|
ask
|
show
|
jobs
by
slow_typist
272 days ago
Humans have to put the so called php-file on the server intentionally for any subsequent attack to work. But it is a binary file.
1 comments
h33t-l4x0r
272 days ago
I imagine it's supposed to get onto the server by an exploited vulnerable image upload plugin
link
slow_typist
272 days ago
Maybe I don’t understand the scenario fully, but under your assumption there is no need to inject the malicious webshell later.
link