Jump to content

Hacking Via Hosting Provider. possible?


Recommended Posts


Hello. I am newbie in hacking,pentesting,security.I want to know can some company's (CompanyA) server/servers can be hacked through vulnarable/hacked server/servers of another company(CompanyB) if both these companies hosted on the same hosting provider ? CompanyA and CompanyB are not related to each other. If this possible teoretically then how it can be done ? I would like to know fundamentals of this type of hacking.Thanks.

Link to comment
Share on other sites

  • Irukandji changed the title to Hacking Via Hosting Provider. possible?
22 minutes ago, digininja said:

If two sites are hosted on the same server then getting access to the server through one site potentially gives you access to every site on the server.

No it doesn't. If it did, then websites would get hacked all the time through malicious sites. Still, side-channel exploits using a VPS on a server vulnerable to Spectre/Meltdown could give you access to protected memory and thus able to inspect the processes running on the server. 

Link to comment
Share on other sites

You are talking about sites on different hosts, I'm talking the same host. If you have two sites, both on different virtual machines, then cross site access becomes a lot harder.

I've done it plenty of times for sites on the same host, get RCE or LFI through site one and use it to compromise a second site.

On different virtual machines you need to look for things like trust relationships between the hosts. I've seen multiple machines all mounting the same file share which contains all the sites the company hosts.

Link to comment
Share on other sites

  • 4 months later...

Theoretically, if two companies (CompanyA and CompanyB) are hosted on the same server infrastructure and there are vulnerabilities in the hosting provider's system, it could potentially pose a risk to both companies.

In Web App services, those are often run in docker containers
- CVE-2020-15157: Container breakout in container runtimes like Docker. Could lead to escaping from one container and thus being able to compromise other services and containers on that host.

In shared virtualization environments, it's possible to take advantage of unpatched and outdated CPU architectures to take over other VMs on the same system.
- CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (Spectre and Meltdown) caused isolation issues with processing and makes it possible to affect other services running on the CPU.
- CVE-2016-5195 (Dirty COW) is an issue with memory protections allowing memory protections to be bypassed

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...