undefined | Better HN

0 pointsslow_typist6mo ago0 comments

Humans have to put the so called php-file on the server intentionally for any subsequent attack to work. But it is a binary file.

0 comments

I imagine it's supposed to get onto the server by an exploited vulnerable image upload plugin

Maybe I don’t understand the scenario fully, but under your assumption there is no need to inject the malicious webshell later.

j / k navigate · click thread line to collapse

0 pointsslow_typist6mo ago0 comments

Humans have to put the so called php-file on the server intentionally for any subsequent attack to work. But it is a binary file.

I imagine it's supposed to get onto the server by an exploited vulnerable image upload plugin

Maybe I don’t understand the scenario fully, but under your assumption there is no need to inject the malicious webshell later.

j / k navigate · click thread line to collapse