Serious Security: Webshells explained in the aftermath of HAFNIUM attacks
2021-03-09 19:32

Note, of course, that the crooks don't have to be able to run uploaded files right away in order to do serious damage.

In the recent Hafnium attacks, you've probably seen numerous mentions of the attackers using things known as webshells as a trick to launch files that they just infiltrated.

These are known in the jargon as static pages, for obvious reasons: the file stored on the server is the content that gets served every time.

An HTML file could cause real trouble for your server by causing you to serve up fake news, malware content, or bogus links, so a web server bug that allows arbitrary file writes always spells trouble.

What you're looking at here is a really easy way for crooks who can write files to a web server, but not run them directly, to launch them indirectly instead. If you can infiltrate a file with a scriptable extension into the right place on a web server, then you can visit later just using your browser and force the file to execute on the server, simply by referencing the URL that corresponds to the infiltrated file.

Active Server Pages are safe enough if you only ever allow the server to access trusted script files designed to create legitimate content for the pages you're intending to serve up.
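A defensive check that follows from the two paragraphs above, as an added example that is not from the original article: it records the script files of a known-good deployment, then reports any file with a scriptable extension that the baseline does not vouch for. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions a server may execute rather than serve as static content (assumed list).
SCRIPTABLE = {".asp", ".aspx", ".ashx", ".asmx", ".php", ".jsp"}

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(web_root: Path) -> dict:
    """Record every scriptable file in a known-good deployment: relative path -> hash."""
    return {
        p.relative_to(web_root).as_posix(): sha256(p)
        for p in web_root.rglob("*")
        if p.is_file() and p.suffix.lower() in SCRIPTABLE
    }

def audit(web_root: Path, baseline: dict) -> list:
    """Return (relative path, reason) for scriptable files the baseline does not vouch for."""
    findings = []
    for p in sorted(web_root.rglob("*")):
        # Static files are skipped; the extension match is case-insensitive.
        if not p.is_file() or p.suffix.lower() not in SCRIPTABLE:
            continue
        rel = p.relative_to(web_root).as_posix()
        if rel not in baseline:
            findings.append((rel, "unexpected script file"))
        elif sha256(p) != baseline[rel]:
            findings.append((rel, "trusted script modified"))
    return findings

def demo() -> list:
    """Constructed sample: a tiny web root, then changes made after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        (root / "index.html").write_text("<h1>static page</h1>")
        (root / "app.aspx").write_text("<%-- trusted page --%>")
        baseline = build_baseline(root)
        (root / "uploads" / "report.ASPX").write_text("<%-- placeholder --%>")
        (root / "app.aspx").write_text("<%-- trusted page, altered --%>")
        (root / "uploads" / "notes.html").write_text("<p>static</p>")
        return audit(root, baseline)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

This check only covers files the server would execute; a rogue static page, as described earlier, needs a baseline that includes static content as well.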


News URL

https://nakedsecurity.sophos.com/2021/03/09/serious-security-webshells-explained-in-the-aftermath-of-hafnium-attacks/