How I Hacked 40 Websites in 7 minutes
Georgios Konstantopoulos

Nice find. File upload is always scarily dangerous when unprotected.

Just a word of caution from one white hat to another… Getting the site owner’s permission is not really sufficient where they do not own the web server. In this case the shared hosting provider would be within their rights to complain about your activities, so you should always check with the infrastructure owner first (and get written permission).

One more thing — kernel exploits like dirty c0w are temperamental and can easily crash a server and kill a website. I’d recommend you exhaust all your other privesc options before that — and only use them if explicitly agreed with the site/server owner. Noting to the site owner that their kernel version is listed as vulnerable should be sufficient to prove your point in any case.

All that said, nice write-up and all the best for your professional development ☺

Like what you read? Give Andy Tyler a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.