We help IT Professionals succeed at work.

Linux permissions - how would someone outside the server write to a writeable file?

Medium Priority
927 Views
Last Modified: 2012-08-17
Let's say I've got a Linux-based server running Apache, and I have a file in the webroot of the site foobar.com called "monkeybutt.txt" with permissions set to 777.

So monkeybutt.txt is world-writeable. But how would someone without SSH/FTP/etc. access to the server actually write to it?
Comment
Watch Question

CERTIFIED EXPERT

Commented:
You are asking how to hack a website, I do not believe we are able to provide you with this information according to Experts Exchange policy.

But I can tell you if the file is world readable someone can download it by simply going to the url:

http://foobar.com/monkeybutt.txt

Author

Commented:
I'm asking how someone could hack my website so I can prevent that sort of thing.

I'll rephrase the question: Without SSH, FTP, or other filesystem-level access to the server, is it possible to write to a world-writable file in a website's root directory? Not asking how, just asking if someone could.
CERTIFIED EXPERT
Expert of the Year 2014
Top Expert 2014
Commented:
Judging by your question history I doubt its for hacking and if you were able to hack a server you would know how to do this.
If they have ftp then usually you can just right click and select edit.
In SSH you would
vi monkeybutt.txt
or
nano monkeybutt.txt

Edit
Read your question wrong. You cannot change the file contents remotely.
If someone wants to hack your server they will normally install 'software' that allows them to change file contents, permissions etc so they can do it remotely.

Author

Commented:
Thanks, right, I do know how to edit a file if I have filesystem access. I was just wanting to know if someone could edit a file without SSH/FTP/etc. access.

Edit
(just saw your edit - thanks, that's exactly what I was trying to figure out!)
nociSoftware Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You can try to PUT a file to the webserver. Esp. if it is writeable by the webserver this can work.
[ default query is GET, and POST is mostly used to upload data, with forms & mime specification ]
if you need a tool for this look for cURL @ http://curl.haxx.se ]

Author

Commented:
Thanks for the info - I'll look into that.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.