What Is a Symlink Attack & How Is It Done?

Bullten

Member
A symlink, aka symbolic link, is a virtual link pointing to a file in a directory. In a shared Linux environment, hard disk space is divided into several parts for different accounts. When proper security measures are not taken, it may happen that one shared hosting account can take over another shared hosting account on the same server by launching a symlink attack. Certain measures have been taken by companies to block these types of attack, and they have built their own private patches to harden server security. But what are you doing to stop symlinks? Search online and you will get solutions like blocking follow symlink or changing some settings in httpd.conf. Enough posts and solutions are still not available online, and by searching in depth you will find that for every solution there is a breakthrough. There are many ways and means to bypass those settings and initiate symlink attacks to break server security, but I am not going to explain how to do it. Let's see how this attack can be initiated.

How It’s Done?

Well, just passing a proper symlink query will do the job.

Syntax:

Code:
ln -s target_file_path new_file_name

Suppose you have a site xyz.com, a WordPress site on a cPanel server, and its user is xyz. Another user, abc.com, just has to run the command below to get that file:
Code:
ln -s /home/xyz/public_html/wp-config.php wo.txt

This will get the full source code of that file, and it is known as a full file disclosure vulnerability. Run the symlink attack on your server to make sure you are safe.
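One way to check a server for links like the one above, as an added example that is not part of the original post: the script lists every symlink inside an account's directory that resolves outside that account. It assumes accounts are immediate subdirectories of the root passed in (as with /home/xyz above) and that `readlink -f` is available; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# find_cross_account_symlinks HOME_ROOT
# Prints "link -> resolved_target" for each symlink under HOME_ROOT/<account>
# whose resolved target lies outside that same account's directory.
find_cross_account_symlinks() {
    root=$(readlink -f "$1") || return 1
    for account_dir in "$root"/*/; do
        [ -d "$account_dir" ] || continue
        account_dir=${account_dir%/}
        # The inline sh handles each batch of links found for this account.
        find "$account_dir" -type l -exec sh -c '
            home=$1; shift
            for link in "$@"; do
                target=$(readlink -f "$link") || target="(unresolvable)"
                case "$target" in
                    "$home"|"$home"/*) ;;  # stays inside the owner home
                    *) printf "%s -> %s\n" "$link" "$target" ;;
                esac
            done
        ' sh "$account_dir" {} +
    done
}

# Constructed sample tree (not real accounts) mirroring the post's example.
make_sample_tree() {
    mkdir -p "$1/xyz/public_html" "$1/abc/public_html"
    echo "constructed placeholder" > "$1/xyz/public_html/wp-config.php"
    echo "own file" > "$1/abc/public_html/index.php"
    # Link from abc into xyz: should be reported.
    ln -s "$1/xyz/public_html/wp-config.php" "$1/abc/public_html/wo.txt"
    # Relative link that stays inside abc: should not be reported.
    ln -s index.php "$1/abc/public_html/home.php"
}

demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
find_cross_account_symlinks "$demo_root"
rm -rf "$demo_root"
```

On a real server, run it as a user that can read every account's directory, for example `find_cross_account_symlinks /home`, and review each reported link with the account owner.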
 