COMMAND

    PHP for Windows arbitrary file execution

SYSTEMS AFFECTED

    PHP version 4.1.1 under Windows
    PHP version 4.0.4 under Windows

PROBLEM

    CompuMe and RootExtractor posted:

    An attacker can upload innocent-looking files (with mp3, txt or gif
    extensions) through any upload system such as WebExplorer (or any
    other PHP program that has upload capabilities), and then request PHP
    to execute them.

    Example:
    =======

    After uploading a file with a "gif" extension (in our example huh.gif)
    that contains PHP code such as:

    #------------
    <? phpinfo(); ?>
    #------------

    An attacker can request the following address to cause the PHP file
    to be executed:

    http://www.example.com/php/php.exe/UPLOAD_DIRECTORY/huh.gif

SOLUTION

    Upgrade ??
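The request above works because php.exe is reached directly as a CGI binary: the part of the URL after php.exe becomes PATH_INFO, and the interpreter runs whatever file that names, so the .gif extension never matters. The following detection script is an added example and is not part of the original advisory or of the posters' material. It checks the two places a practitioner can look: web server access logs for requests that hand php.exe a path, and the upload directory for files whose content is PHP code despite a harmless extension. The Common Log Format lines, the upload contents and the file names are constructed for illustration; the CLF layout and the list of PHP extensions are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# php.exe run as a CGI binary takes the path that follows it in the URL as
# PATH_INFO and executes that file; the file's extension plays no role.
_PHP_EXE_PATHINFO = re.compile(r'(?i)/php\.exe(/[^\s?"]+)')

# PHP open tags. '<?' covers '<?php' and the short tag (short_open_tag is on
# by default in PHP 4), so an '<?xml' prologue is flagged too, deliberately.
_PHP_TAGS = (b'<?', b'<script language="php"')

# Constructed Common Log Format lines (assumed log format, not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2002:10:01:02 +0000] "GET /php/php.exe/upload/huh.gif HTTP/1.0" 200 5120',
    '10.0.0.6 - - [12/Jan/2002:10:01:07 +0000] "GET /upload/huh.gif HTTP/1.0" 200 331',
    '10.0.0.7 - - [12/Jan/2002:10:02:11 +0000] "GET /php/php.exe HTTP/1.0" 200 0',
    '10.0.0.8 - - [12/Jan/2002:10:03:45 +0000] "GET /php/PHP.EXE/upload/a%2Emp3 HTTP/1.0" 200 5120',
]

# Constructed upload-directory contents (file name -> bytes), not real uploads.
SAMPLE_UPLOADS: Dict[str, bytes] = {
    'huh.gif': b'GIF89a\x01\x00\x01\x00<? phpinfo(); ?>',
    'song.mp3': b'ID3\x03\x00\x00\x00\x00\x00\x00' + b'\x00' * 16,
    'notes.txt': b'<?php phpinfo(); ?>',
    'index.php': b'<?php echo "hi"; ?>',
}


def php_exe_pathinfo_target(request_line: str) -> Optional[str]:
    """Return the PATH_INFO handed to php.exe by this log line, or None.

    The line is URL-decoded first so '%2E' and mixed case cannot hide the hit.
    """
    m = _PHP_EXE_PATHINFO.search(unquote(request_line))
    return m.group(1) if m else None


def scan_access_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, path_info) for every request that made php.exe run a file."""
    hits = []
    for line in lines:
        target = php_exe_pathinfo_target(line)
        if target is not None:
            hits.append((line.split(' ', 1)[0], target))
    return hits


def looks_like_php(data: bytes) -> bool:
    """True if the bytes contain a PHP open tag anywhere, whatever the extension."""
    low = data.lower()
    return any(tag in low for tag in _PHP_TAGS)


def find_disguised_php(files: Dict[str, bytes],
                       php_exts: Tuple[str, ...] = ('.php', '.php3', '.phtml')) -> List[str]:
    """Names of uploads whose extension is not a PHP one but whose content is PHP code."""
    return [name for name, data in files.items()
            if not name.lower().endswith(php_exts) and looks_like_php(data)]


if __name__ == '__main__':
    for client, path in scan_access_log(SAMPLE_LOG):
        print(f'php.exe executed {path} for {client}')
    for name in find_disguised_php(SAMPLE_UPLOADS):
        print(f'upload {name} contains PHP code under a non-PHP extension')
```

On the sample data the log scan reports the huh.gif request and the URL-encoded, upper-cased PHP.EXE request, while the plain GET of /upload/huh.gif (served as a static file, not executed) and the bare php.exe request without a trailing path are ignored; the content scan flags huh.gif and notes.txt. Detection does not substitute for a fix: the execution path disappears only when php.exe is not reachable under any web-served directory (map .php to the interpreter in the server configuration instead of exposing the binary) and uploads are written outside the document root.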