
PHP for windows arbitrary files execution
25th Feb 2002 [SBWID-5139]
COMMAND

	PHP for windows arbitrary files execution

SYSTEMS AFFECTED

	 PHP version 4.1.1 under Windows

	 PHP version 4.0.4 under Windows

	

PROBLEM

	CompuMe and RootExtractor posted:
	

	An attacker can upload innocent-looking files (with mp3, txt or gif
	extensions) through any uploading system such as WebExplorer (or any
	other PHP program that has uploading capabilities), and then request
	PHP to execute it.
	

	 Example:
	 ========

	

	After uploading a file with a "gif" extension (in our example huh.gif)
	that contains PHP code such as:
	

	   #------------
	   <?php
	   // any PHP code placed in the uploaded file is executed by php.exe
	   phpinfo();
	   ?>
	   #------------

	

	An attacker can then request the following address to cause the PHP
	file to be executed:
	

	http://www.example.com/php/php.exe/UPLOAD_DIRECTORY/huh.gif
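	Added here as a defender's example, not part of the original advisory: a Python scan over constructed web-server access-log lines that flags requests routing a file with a non-PHP extension through php.exe via the path-info form shown above. The log format, the list of extensions considered legitimate for the CGI binary, and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Common/combined access-log format (assumed); we only need host, target and status.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Extensions the PHP CGI binary is legitimately asked to run (assumed list;
# adjust to the site). Anything else after php.exe/ matches the advisory's pattern.
EXPECTED_EXT = {".php", ".php3", ".php4", ".phtml"}


def is_cgi_pathinfo_abuse(target: str) -> bool:
    """True when the request routes a non-PHP file through php.exe via PATH_INFO."""
    # decode %xx escapes, treat backslashes as separators (Windows host), ignore case
    path = unquote(target.split("?", 1)[0]).replace("\\", "/").lower()
    m = re.search(r"/php\.exe(/.*)$", path)
    if not m:
        return False                      # php.exe not in the path at all
    path_info = m.group(1)
    if path_info == "/":
        return False                      # nothing after the binary
    name = path_info.rsplit("/", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return ext not in EXPECTED_EXT


def scan_log(lines):
    """Return (client, decoded target, status) for every line matching the pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_cgi_pathinfo_abuse(m.group("target")):
            hits.append((m.group("host"), unquote(m.group("target")), int(m.group("status"))))
    return hits


# Constructed sample lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Feb/2002:10:15:02 +0000] "GET /php/php.exe/upload/huh.gif HTTP/1.0" 200 5123',
    '198.51.100.4 - - [25/Feb/2002:10:15:09 +0000] "GET /php/php.exe/index.php HTTP/1.0" 200 812',
    '203.0.113.7 - - [25/Feb/2002:10:16:30 +0000] "GET /php/php.exe/upload/notes%2Etxt HTTP/1.0" 200 300',
    '192.0.2.9 - - [25/Feb/2002:10:17:00 +0000] "GET /upload/huh.gif HTTP/1.0" 200 5123',
    '192.0.2.9 - - [25/Feb/2002:10:18:00 +0000] "GET /php/php.exe/ HTTP/1.0" 403 200',
]

if __name__ == "__main__":
    for client, target, status in scan_log(SAMPLE_LOG):
        print(f"{client} requested {target} -> {status}")
```

	A 200 status on a flagged line means the server actually ran the uploaded file, so those are the requests to investigate first.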

	

SOLUTION

	Upgrade ??
