Directory Traversal Attacks
One variant of this attack is the Symlink Bypass Attack (also known as a symlink race attack).
Quick Description
An attack where an attacker is able to create symbolic links between a file on their website and one on your website on shared servers.
How is this possible?
PHP and shared web server spaces. Most of these shared web services allow users to, for example, write CRON rules. CRONTAB is a *nix utility that, in the sense of web serving, essentially allows the PHP command line to be run on the server at set intervals. An attacker can use this on unpatched webservers to write symlink rules linking your website's files to files in their own web space.
@symlink( $yourfilepath, $attackersfilepath );
Imagine if $yourfilepath was equal to the path to your WordPress wp-config.php file, and $attackersfilepath was equal to any file they have installed on their webserver. An attacker would then be able to access your website's database credentials in your wp-login.php by accessing *their* file.
Some shared web services have patched this issue in the server’s kernel, the only place where the fix can really be applied. Others have implemented fixes at the web server level. You can research whether your shared web service has applied these patches at the kernel level; if so, your shared-webserver-hosted website is probably not vulnerable to these symlink race attacks.
Beware of the typical solution for *web users*
Users are encouraged to add this to .htaccess:
Options -FollowSymLinks +SymLinksIfOwnerMatch
None of these will effectively prevent a malicious symlink on a vulnerable webserver. The best solution, again, is to NOT use shared web hosting; use a virtual private server where all the websites in the VPS are yours. The next best solution is to make sure your shared host webservice has patched the vulnerability at the *kernel*.
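An added example, not part of the original post: a Python audit a host administrator could run over one account's web root to list symlinks that resolve outside it or reach a file owned by a different user, the two signs of the link described above. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile


def audit_symlinks(webroot):
    """Return (link, resolved_target, reasons) for suspicious symlinks under webroot."""
    root = os.path.realpath(webroot)
    findings = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            reasons = []
            # The link resolves to a path outside this account's web space.
            if os.path.commonpath([root, target]) != root:
                reasons.append("outside-webroot")
            try:
                # lstat() describes the link itself, stat() the file it reaches.
                if os.lstat(link).st_uid != os.stat(link).st_uid:
                    reasons.append("owner-mismatch")
            except OSError:
                reasons.append("dangling-or-unreadable")
            if reasons:
                findings.append((os.path.relpath(link, root), target, reasons))
    return sorted(findings)


def demo():
    """Constructed layout: one link in a tenant's web root points into another account."""
    with tempfile.TemporaryDirectory() as base:
        other = os.path.join(base, "victim")
        webroot = os.path.join(base, "tenant", "public_html")
        os.makedirs(other)
        os.makedirs(webroot)
        for path in (os.path.join(other, "wp-config.php"),
                     os.path.join(webroot, "index.php")):
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
        os.symlink(os.path.join(other, "wp-config.php"),
                   os.path.join(webroot, "notes.txt"))
        os.symlink("index.php", os.path.join(webroot, "home.php"))  # stays inside
        return audit_symlinks(webroot)


if __name__ == "__main__":
    for link, target, reasons in demo():
        print(link, "->", target, reasons)
```

A scan like this only reports links that exist when it runs; it does not replace the kernel-level fix the post recommends.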