– I have a wordpress backend web-site hosted on shared hosting
– I have no root access on the server but a limited user with access to mysql database
– I had to clean junk files on uploads directory which was owned by www-data user
– But as i was no super user i can’t delete the file owned by other user, neither can i change ownership of the file owned by other user.
My temporary solution
– wrote a php which could delete a file/directory passed through GET request
Then out of box i just googled “php shell single file” http://lmgtfy.com/?q=php+shell+single+file and the first entry of the result was https://github.com/b374k/b374k.
And ya thats what i wanted.
I could simply clone this code into webservers document root directory. Give the ownership of the directory to apache user.While accessing the code from browser, i could configure the application to my requirement like password, module required and then after it will generate single-file php shell for me with various features
You could not run command ther requires super user access. You can’t even run `sudo -s` or `su` cause there will be no real tty access.You could run apache server from root user but which is risky alternatives.
Hummm there must be `setuid` alternative..