A web shell is a type of web server malware. It is a script uploaded to your web server by an attacker and executed there. The term shell is used to describe a user interface that you use to access services offered by the operating system. Learn how a simple PHP web shell works .

How is a web shell used in an attack?

Web shells are not attacks. Web shells are tools that can be used after a successful attack. If an attacker can upload a file to your server and then run it, they will usually use a web shell. Then, they can continue the attack by running more commands on your web server. Read more about file inclusion, which is a type of an attack that allows the attacker to upload a web shell .

How to discover a web shell?

You can discover web shells manually by regularly analyzing web server logs and files. If you suspect that there is a web shell on your web server, you should filter logs for common keywords used by web shells. Also, monitor network for unusual network traffic and connections (outgoing from your server). Learn more about detecting web shells .

How to prevent attackers from using web shells?

The only efficient way to avoid web shells is to eliminate vulnerabilities that let attackers upload web shells. To eliminate vulnerabilities, you must first find them. For that, you need to use a professional vulnerability scanner like Acunetix, which will not only find vulnerabilities but also tell you how to eliminate them. Learn more about the features of Acunetix Premium .

Web Security Blog | Page 26 of 139

An Introduction to Web Shells (Web Shells Part 1)

Web Security Zone | April 16, 2020 by Agathoklis Prodromou

A web shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. A web shell itself cannot attack or exploit a remote vulnerability, so it is always the second step of…

Web Shells 101 Using PHP (Web Shells Part 2)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 1 of this series, we looked at what a web shell is and why an attacker would seek to use one. In part 2 of this series, we’ll be looking at some specific examples of web shells developed using the PHP programming language….

Keeping Web Shells Under Cover (Web Shells Part 3)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 2 of this series, we looked at specific examples of web shells in the PHP programming language. In part 3 of this series, we’ll be looking at some techniques that attackers use to keep web shells hidden. Commands can be sent to the…

Web Shells in Action (Web Shells Part 4)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 3 of this series, we looked at ways in which a hacker can keep web shells under the radar. In part 4 of this series, we’ll be looking at web shells in action by using Weevely as an example. Weevely is a lightweight…

Web Shell Detection and Prevention (Web Shells Part 5)

Web Security Zone | April 14, 2020 by Agathoklis Prodromou

In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent their use. Detection If an administrator suspects that a…

NoSQL Injections and How to Avoid Them

Web Security Zone | April 13, 2020 by Tomasz Andrzej Nidecki

A NoSQL injection vulnerability is an error in a web application that uses a NoSQL database. This web application security issue lets a malicious party bypass authentication, extract data, modify data, or even gain complete control over the application. NoSQL injection attacks are the result…

Scanning OWASP Juice Shop with Acunetix

Product Articles | April 9, 2020 by Kevin Attard Compagno

Juice Shop is an intentionally vulnerable web application developed by OWASP for educational purposes. We will go through the steps of deploying this web application and we will run a scan on it using Acunetix as a DAST (black box) tool. The OWASP Juice Shop…

What is Remote File Inclusion (RFI)?

Web Security Zone | April 2, 2020 by Ian Muscat

Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and…

Scan DVWA Application for Vulnerabilities | Acunetix

Product Articles | March 30, 2020 by Bernhard Abele

DVWA is an intentionally vulnerable web application that you can install on your server to test vulnerability scanners or to practice penetration testing. You may want to use DVWA to test the capabilities of the Acunetix vulnerability scanner and compare it to similar tools. This…

Acunetix Web Security Blog