Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: PHP :: web5139.htm

PHP for windows arbitrary files execution
25th Feb 2002 [SBWID-5139]

	PHP for windows arbitrary files execution


	 PHP version 4.1.1 under Windows

	 PHP version 4.0.4 under Windows



	CompuMe and RootExtractor posted :

	An attacker can upload innocent looking files  (with  mp3,  txt  or  gif
	extensions) through any uploading systems such as  WebExplorer  (or  any
	other PHP program that has uploading  capabilities),  and  then  request
	PHP to execute it.

	 Example :



	After uploading a file a \"gif\"  extension  (in  our  example  huh.gif)
	that contains PHP code such as:







	An attacker can type the following address to get in to  cause  the  PHP
	file to be executed:



	Upgrade ??

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH