Threat actors have been discovered using HTTP cookies as a means to control PHP-based web shells on Linux servers, enabling remote code execution, as reported by the Microsoft Defender Security Research Team.

The tactic uses attacker-supplied cookie values to gate execution of the malicious commands, instead of passing them through the more commonly inspected channels of URL parameters or request bodies.

Using cookies as the control channel makes the web shell harder to detect and block than one driven by URL parameters or request bodies, which are the channels most monitoring focuses on.

Alongside the cookie-based control channel, the attackers persist on the compromised Linux servers through cron jobs, giving them sustained remote code execution and greater control over the targeted system.

Microsoft’s findings highlight the evolving nature of web shell attacks and the importance of monitoring HTTP traffic and cookie activity to identify potential security threats.
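As an added example (not code from the Microsoft report), the following static check flags PHP source where a cookie value either reaches a command/code execution sink or gates a nearby sink through an if-condition; the regular expressions, the sink list and the three PHP samples are constructed for illustration.

```python
import re

# Execution sinks worth flagging when fed or gated by cookie data (assumed list).
SINK = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(")
COOKIE = re.compile(r"\$_COOKIE\s*\[")
ASSIGN_FROM_COOKIE = re.compile(r"(\$\w+)\s*=[^=].*\$_COOKIE\s*\[")   # $x = $_COOKIE[...]
COOKIE_CONDITION = re.compile(r"\bif\s*\(.*\$_COOKIE\s*\[")           # if (... $_COOKIE[...] ...)

def find_cookie_controlled_sinks(php_source, gate_window=5):
    """Return [(line_no, reason, stripped_line)] for suspicious sink calls.

    reason is 'tainted-arg' when cookie data flows into the sink's argument
    (directly or via a variable assigned from $_COOKIE earlier in the file),
    or 'cookie-gated' when the sink sits within gate_window lines after an
    if-condition that tests a cookie value (the gating pattern in the report)."""
    findings = []
    tainted = set()        # variable names assigned from $_COOKIE
    gate_open_until = -1   # last line number still covered by a cookie gate
    for no, line in enumerate(php_source.splitlines(), 1):
        if (m := ASSIGN_FROM_COOKIE.search(line)):
            tainted.add(m.group(1))
        if COOKIE_CONDITION.search(line):
            gate_open_until = no + gate_window
        sink = SINK.search(line)
        if not sink:
            continue
        arg = line[sink.end():]
        if COOKIE.search(arg) or any(re.search(re.escape(v) + r"\b", arg) for v in tainted):
            findings.append((no, "tainted-arg", line.strip()))
        elif no <= gate_open_until:
            findings.append((no, "cookie-gated", line.strip()))
    return findings

# Constructed samples: cookie value executed, cookie value gating a sink, and benign use.
WEBSHELL_SAMPLE = "<?php\nif ($_COOKIE['auth'] === 'k3y') {\n    $cmd = $_COOKIE['c'];\n    echo shell_exec($cmd);\n}\n"
GATED_SAMPLE = "<?php\nif (isset($_COOKIE['sess']) && $_COOKIE['sess'] == 'abc') {\n    eval($_POST['x']);\n}\n"
BENIGN_SAMPLE = "<?php\n$lang = $_COOKIE['lang'] ?? 'en';\necho 'Language: ' . htmlspecialchars($lang);\n$v = system_version();\n"

def scan_samples():
    """Run the check over the constructed samples; returns {name: findings}."""
    return {name: find_cookie_controlled_sinks(src) for name, src in
            [("webshell", WEBSHELL_SAMPLE), ("gated", GATED_SAMPLE), ("benign", BENIGN_SAMPLE)]}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, hits)
```

The gate window is a heuristic, so review each hit in context; the check is meant as a triage aid for hunting across a web root, not as a definitive verdict.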

Source: Original Article