Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
slow_typist
9mo ago
0 comments
Save
Share
Humans have to put the so called php-file on the server intentionally for any subsequent attack to work. But it is a binary file.
0 comments
2 comments · 1 top-level
top
newest
oldest
h33t-l4x0r
9mo ago
· 1 in thread
I imagine it's supposed to get onto the server by an exploited vulnerable image upload plugin
slow_typist
OP
9mo ago
Maybe I don’t understand the scenario fully, but under your assumption there is no need to inject the malicious webshell later.
j
/
k
navigate · click thread line to collapse
