apache user submitting file /tmp (exploit)

cPanelLauren

Forums Analyst II
Staff member
The following should do this:
Code:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
securetmp forces it to be remounted with the nosuid option. This forces a process to run with the same privileges as the user who executes it. It does not keep a user from being able to send mail via a script.
Tips to Make Your Server More Secure | cPanel & WHM Documentation
 

daemoncesar

Well-Known Member
cPanel Access Level
Root Administrator
[[email protected] ~]# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
1
1 /home/artelaje/public_html/site/contato
1 /home/blubiers/public_html
2 /home/chiodini/public_html
3 /home/demasul/public_html
4 /usr/local/cpanel/whostmgr/docroot
5 /root
10 /home/grupostarke/public_html
12 /home/babybear/public_html/wp-admin
16 /home/portecsc/public_html/scripts
25 /home/fortcom/public_html
36 /home/babybear/public_html
142 /
[[email protected] ~]#
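
Added example, not part of either post above: a stricter version of the same cwd count that only accepts real `cwd=/path` fields (so the empty bucket seen in the output disappears) and also totals script-sent mail per account. It assumes cPanel-style `/home/<account>/...` paths; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise Exim "cwd=" lines: how many times mail was submitted from each
# working directory, and from each account under /home (assumed layout).

# Constructed sample lines in exim_mainlog style (not from a real server).
sample_log() {
  cat <<'EOF'
2017-11-14 10:00:01 cwd=/home/exampleuser/public_html 3 args: /usr/sbin/sendmail -t -i
2017-11-14 10:00:02 cwd=/home/exampleuser/public_html/wp-admin 3 args: /usr/sbin/sendmail -t -i
2017-11-14 10:00:03 cwd=/home/exampleuser/public_html 3 args: /usr/sbin/sendmail -t -i
2017-11-14 10:00:04 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1eXAMP-000001-AA
2017-11-14 10:00:05 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2017-11-14 10:00:06 1eXAMP-000002-BB <= user@example.com T="notes on cwd handling"
2017-11-14 10:00:07 cwd=/ 2 args: /usr/sbin/exim -bd -q60m
EOF
}

# cwd_summary [FILE...] : reads the log (or stdin) and prints
# "count<TAB>kind<TAB>name", kind being "account" or "dir", lowest count first.
cwd_summary() {
  awk '
    {
      for (i = 1; i <= NF; i++) {
        # Accept only a field that is exactly cwd=<absolute path>; a bare
        # "cwd" inside a subject or address is ignored.
        if ($i ~ /^cwd=\//) {
          dir = substr($i, 5)
          if (dir ~ /^\/var\/spool/) next   # queue runs, not user scripts
          dirs[dir]++
          n = split(dir, part, "/")
          if (n >= 3 && part[2] == "home") accts[part[3]]++
          next
        }
      }
    }
    END {
      for (d in dirs)  printf "%d\tdir\t%s\n", dirs[d], d
      for (a in accts) printf "%d\taccount\t%s\n", accts[a], a
    }
  ' "$@" | LC_ALL=C sort -t "$(printf '\t')" -k2,2 -k1,1n
}

# Demo on the constructed sample; on a server: cwd_summary /var/log/exim_mainlog
sample_log | cwd_summary
```

The per-account rows make it easier to see when several directories with small counts belong to the same account.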