/proc/self/fd reports the files opened by a process. Each entry is a “magic” symbolic link whose name is the file descriptor and whose target is the open file.
/etc/passwd /proc/self/cmdline /proc/sched_debug /etc/shadow /etc/issue /etc/group /etc/hostname /home/user/.ssh/id_rsa /home/user/bash_history /usr/local/etc/apache22/httpd.conf.
The proc filesystem is a pseudo-filesystem which provides an interface to kernel data structures.
proc/self/fd/3 ,at this timelsThe process of trying to open the non-existent file 3 has not obtained the descriptor 3, so an error is reported. The role of this folder is mentioned in the CentOS documentation
The proc file system is a pseudo-file system which is used as an interface to kernel data structures.
[www] ; if we send this to /proc/self/fd/1, it never appears access.log = /proc/self/fd/2. clear_env = no ; Ensure worker stdout and stderr are sent to the main error log. catch_workers_output = yes decorate_workers_output = no root@8f03d2e7056f:/var/www/html#. And the result is a line to...
proc/self/fd/[0-99] # It is possible to get the files of the currently running process.
File descriptor 0 is dedicated for standard input, 1 for standard output, and 2 for standard error. File descriptors are maintained under /proc/$pid/fd where $pid is the process id.
Proc environ or files descriptor injection. The /proc/self/environ file contains the environment variables of the current process and notably, for an Apache process, the variable HTTP_USER_AGENT set from the User-Agent requests.
If this attack is successful, it will result in the inclusion of the /proc/self/environ file or other requested file, instead of the originally requested file (index.php) in this case, in addition, the php script if run, will append its code to the original file and create a new file that will notify the hacker of success.