Whats all this talk of 'Shell's' like Qamp saying he put a Shell on Habbox, & Shell's on Habbos what are they?
+Rep for help
Ross

It's a way to remotely control a PC basically.

So by people uploading shell's to websites they can control loads of people?
& they dont have to accept ot anything?

So by people uploading shell's to websites they can control loads of people?
& they dont have to accept ot anything?

Lol Ross, I think that's impossible. I don't know much about shells but I guess they can control the server where the site is hosted on, not the people visiting.

Has anyone got Qamps msn?

I do lol.

It basically uses PHP as a "connection-point" to the server.

It really depends on the settings, and the permissions alloted to the user running PHP, usually behind Apache.

Sometimes you can accomplish quite alot, and sometimes not much.

Most of the time you can at least view /etc/passwd, and if opendir is enabled, modify files outside of the /home/bla/ directory.

Most allow you to edit/delete/upload files, connect to a MySQL server with it's own "built-in phpMyAdmin", and a few other features such as chmod.

It basically uses PHP as a "connection-point" to the server.

It really depends on the settings, and the permissions alloted to the user running PHP, usually behind Apache.

Sometimes you can accomplish quite alot, and sometimes not much.

Most of the time you can at least view /etc/passwd, and if opendir is enabled, modify files outside of the /home/bla/ directory.

Most allow you to edit/delete/upload files, connect to a MySQL server with it's own "built-in phpMyAdmin", and a few other features such as chmod.

but if in PHPMYADMIN auth is set to httpd then they can't gain access to the SQL server, right?

but if in PHPMYADMIN auth is set to httpd then they can't gain access to the SQL server, right?
Incorrect, it doesn't matter about phpMyAdmin's settings, as it is a seperate program to MySQL.

MySQL is the server, phpMyAdmin is just a program/utility to connect to it.

Just like FTP is the server, and FireFTP/CuteFTP/SmartFTP is the program to connect to it, it still uses your MySQL/FTP details (in each situation).

phpMyAdmin can be set to whatever setting you want, but yet.. it's the MySQL server that the built-in one is connecting to.

Lol, I imagine this 'shell' would of been put under a downloads page or something, or he's chatting utter ****. :P

Lol, I imagine this 'shell' would of been put under a downloads page or something, or he's chatting utter ****. :P
Mis-configured/unsafe upload scripts are a main cause of them being on the server.