Tuesday, May 29, 2012

|| How to Patch Symlink ||

How to Prevent Symlink Attack
by Shubham Upadhyay
:: 0x01 Introduction ::

What is Symlink?

Symlink, commonly known as Symbolic links. It is used for creating shortcuts in Linux.
Bad Impact of Symlink - Suppose you own a small hosting company with a Linux Box, & 1337 sites are hosted there. If an attacker gains access to any single site on your server, he can easily create a symbolic link to / directory & then putting the document root afterwards it. Now the attacker can easily read sensitive files, that can be the configuration file of your billing system. Since, he has local access, now he can easily connect to the mysql & pwn all your clients, & the whole company.
How Symlink is Created - A basic linux command is used in creating symlink. i.e,
ln -s source_file link_name

:: 0x02 Protecting ::

Patching Symlink-
  1. Change the permission of /bin/ln to 400.
  2. Locate php.ini by command- “locate php.ini” (without quotes) Edit the main php.ini & disable symlink & proc_open.
  3. If you have a shared host, & it is vulnerable to symlink.Then, change the permission of your configuration files to 400.
  4. Turn PHP safe_mode ON

Contact Me-  http://fb.me/ShubhaM1337


  1. accha h yar ............ 3xpIre Fuck U

  2. i like it msat kaam bhi kar rha hai

  3. Make a text file with a "/"... Save it with name.txt... Zip it... Upload file on server and unzip it... You will get access to root folder even if the 400 permission for "ln"... :P:P:P

    1. thnks...
      Options Indexes FollowSymLinks
      DirectoryIndex test.htm
      AddType txt .php
      AddHandler txt .php

      save it as htacess n upload it

  4. Giving 400 permission to "zip" and "rar" can also be an another solution on it:):):)