
Funhxx17.zip

Look for writable scripts in /etc/crontab that are executed by root.

Most write-ups note that FTP allows anonymous login. Inside the FTP directory, you will find FUNHXX17.zip among other files.

Because the unzipping process often runs with high privileges (or as a user with write access to the webroot), you can create a malicious zip file containing a symbolic link. Look for writable scripts in /etc/crontab that are