25th Feb 2002 [SBWID-5139]
COMMAND
PHP for windows arbitrary files execution
SYSTEMS AFFECTED
PHP version 4.1.1 under Windows
PHP version 4.0.4 under Windows
PROBLEM
CompuMe and RootExtractor posted :
An attacker can upload innocent looking files (with mp3, txt or gif
extensions) through any uploading systems such as WebExplorer (or any
other PHP program that has uploading capabilities), and then request
PHP to execute it.
Example :
=======
After uploading a file with a "gif" extension (in our example huh.gif)
that contains PHP code such as:
#------------
<?
phpinfo();
?>
#------------
An attacker can then request the following address to cause the PHP
file to be executed:
http://www.example.com/php/php.exe/UPLOAD_DIRECTORY/huh.gif
SOLUTION
Upgrade ??
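The request shape in the advisory (php.exe invoked as a CGI with a non-.php file in the path info) is easy to pick out of a web server access log. The following detection script is an added example and not part of the original advisory or of PHP itself; it assumes a combined-style access log, and the log lines it scans are constructed samples, not real traffic.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-style format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Feb/2002:10:01:02 +0000] "GET /php/php.exe/uploads/huh.gif HTTP/1.0" 200 1523
10.0.0.6 - - [25/Feb/2002:10:01:05 +0000] "GET /uploads/huh.gif HTTP/1.0" 200 843
10.0.0.7 - - [25/Feb/2002:10:01:09 +0000] "GET /php/php.exe/index.php HTTP/1.0" 200 2210
10.0.0.8 - - [25/Feb/2002:10:02:11 +0000] "GET /php/PHP.EXE/uploads/notes.txt HTTP/1.0" 200 512
10.0.0.9 - - [25/Feb/2002:10:02:30 +0000] "GET /php/php.exe/uploads/song%2emp3 HTTP/1.0" 200 700
"""

# ip, ident, user, [timestamp], "METHOD path PROTOCOL", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Anything after "/php.exe/" is path info handed to the interpreter as the script name.
INTERPRETER_RE = re.compile(r'/php\.exe/(?P<target>[^?]+)', re.IGNORECASE)
# Extensions the interpreter is legitimately expected to run.
SCRIPT_EXTS = {'.php', '.php3', '.php4', '.phtml'}


def suspicious_php_exe_requests(log_text):
    """Return requests where php.exe was asked to run a file that is not a PHP script.

    Path decoding happens before the extension check so that an encoded dot
    ("%2e") cannot hide the real extension from the detector.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than failing the whole scan
        path = unquote(m.group('path'))
        im = INTERPRETER_RE.search(path)
        if not im:
            continue  # php.exe not in the request path
        target = im.group('target')
        ext = os.path.splitext(target)[1].lower()
        if ext not in SCRIPT_EXTS:
            findings.append({
                'ip': m.group('ip'),
                'timestamp': m.group('ts'),
                'target': target,
                'status': int(m.group('status')),
            })
    return findings


if __name__ == '__main__':
    for hit in suspicious_php_exe_requests(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} php.exe executed non-script file: "
              f"{hit['target']} (HTTP {hit['status']})")
```

A 200 response on a flagged line means the interpreter actually ran the uploaded file; combined with an upload-capable application and a writable directory under the web root, that is the full condition the advisory describes. Keeping upload directories outside the web root (or denying the interpreter access to them) removes the executable path regardless of extension.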