• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 886
  • Last Modified:

Linux permissions - how would someone outside the server write to a writeable file?

Let's say I've got a Linux-based server running Apache, and I have a file in the webroot of the site foobar.com called "monkeybutt.txt" with permissions set to 777.

So monkeybutt.txt is world-writeable. But how would someone without SSH/FTP/etc. access to the server actually write to it?
0
IanJBlackburn
Asked:
IanJBlackburn
1 Solution
 
savoneCommented:
You are asking how to hack a website, I do not believe we are able to provide you with this information according to Experts Exchange policy.

But I can tell you if the file is world readable someone can download it by simply going to the url:

http://foobar.com/monkeybutt.txt
0
 
IanJBlackburnAuthor Commented:
I'm asking how someone could hack my website so I can prevent that sort of thing.

I'll rephrase the question: Without SSH, FTP, or other filesystem-level access to the server, is it possible to write to a world-writable file in a website's root directory? Not asking how, just asking if someone could.
0
 
GaryCommented:
Judging by your question history I doubt its for hacking and if you were able to hack a server you would know how to do this.
If they have ftp then usually you can just right click and select edit.
In SSH you would
vi monkeybutt.txt
or
nano monkeybutt.txt

Edit
Read your question wrong. You cannot change the file contents remotely.
If someone wants to hack your server they will normally install 'software' that allows them to change file contents, permissions etc so they can do it remotely.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
IanJBlackburnAuthor Commented:
Thanks, right, I do know how to edit a file if I have filesystem access. I was just wanting to know if someone could edit a file without SSH/FTP/etc. access.

Edit
(just saw your edit - thanks, that's exactly what I was trying to figure out!)
0
 
nociSoftware EngineerCommented:
You can try to PUT a file to the webserver. Esp. if it is writeable by the webserver this can work.
[ default query is GET, and POST is mostly used to upload data, with forms & mime specification ]
if you need a tool for this look for cURL @ http://curl.haxx.se ]
0
 
IanJBlackburnAuthor Commented:
Thanks for the info - I'll look into that.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now