“php shell script on my server”
I have a webserver where i’ve found several different php shell scripts and I’d like to know how they got there. Are there known vulnerabilities that allow uploading of php files to a server?
I have several sites running on this server with several php script packages including…
Any ideas or pointers will be appreciated!
There are several vulnerabilities in both off the shelf products as well as custom PHP scripts that would allow “uploading”, in essence they don’t need to upload, they just need to get your PHP scripts to execute an arbitrary (outside) PHP script.
PHPbb has several:
Listed as Code Execution, Arbitrary File Upload, etc.
While zencart has just one problem:
But that could be misleading, and just mean that the software is very uncommon.