During a web application penetration test against a cPanel-based shared hosting server, you have obtained limited shell access inside the home directory of one customer account. Apache is configured with the default FollowSymLinks option enabled and no additional symlink protection modules are loaded. You need to extract database credentials from another tenant's wp-config.php file without obtaining root privileges. Which technique is most likely to let you access the target file inside the shared environment?
Exploit host-header injection to make the virtual host for otheruser.com resolve to your document root.
Perform a directory traversal attack using multiple ../ sequences to overwrite the target's .htaccess file.
Run an SQL injection against the mysql.user table to dump all stored passwords from the shared MySQL instance.
Create a symbolic link inside your web root that points to /home/otheruser/public_html/wp-config.php, then access the symlinked file through the browser.
Because the web server is running with FollowSymLinks enabled and no owner-matching or kernel-level protections, Apache will dereference symbolic links that point outside the current user's document root. By creating a symlink in your own directory that references the other customer's wp-config.php, you can request the link over HTTP and have Apache return the contents as if it belonged to your site. Host-header manipulation does not bypass file-system boundaries, SQL injection against the MySQL system tables still requires credentials or connection to the other user's database, and directory traversal cannot reach sibling home directories when you lack read permissions. Therefore, leveraging a symbolic-link bypass is the most reliable method to read another tenant's files in this misconfigured shared hosting environment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are symbolic links in Linux?
Open an interactive chat with Bash
How does the FollowSymLinks option in Apache work?
Open an interactive chat with Bash
What are some common symlink protection measures in shared hosting environments?
Open an interactive chat with Bash
What is the FollowSymLinks option in Apache?
Open an interactive chat with Bash
What are symbolic links in file systems?
Open an interactive chat with Bash
What is the wp-config.php file in WordPress, and why is it important?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .