2 comments

[ 3.1 ms ] story [ 35.3 ms ] thread
Seriously? Who allows uploads to a web-accessible directory with execution enabled?

There are so many options that can be transparently used to protect against this without randomly searching for uploaded web scripts.

It was uploaded through a client account via sftp, not injected into the actual directory by any other means. I think that's outlined in the post.