19th Jul 2011, 12:48 AM #1
Secure php file execution NOW!
I've found a problem with the execution of files with unknown extensions.
To see if the server is vulnerable, upload a file named bug.php.kkk and see if it executes:
Code:
<?php echo "bugged"; ?>
If you see just "bugged" while executing it, your server IS NOT secured. If you see ALL text (including the php tags) in the browser or in the downloaded file, your server seems to be secure.
This is caused by:
"Files can have more than one extension, and the order of the extensions is normally irrelevant. (...) Care should be taken when a file with multiple extensions gets associated with both a MIME-type and a handler. This will usually result in the request being handled by the module associated with the handler."
See:
Code:
http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext
http://www.php.net/manual/en/install.windows.apache2.php
Find in configuration:
Code:
AddHandler application/x-httpd-php .php
Code:
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
NewEraCracker
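As an added example (not part of the original post and not Apache's own code), this Python sketch reads a configuration for the AddHandler line quoted above and lists which uploaded file names would run as PHP only because of multi-extension matching, compared with the FilesMatch form. The sample configuration, the upload names and all function names are constructed for illustration, and the extension matching is a simplified model of mod_mime.

```python
import re

# Constructed sample config and upload listing (not taken from a real server).
SAMPLE_CONF = """\
# PHP via mod_mime extension mapping
AddHandler application/x-httpd-php .php
AddType text/html .shtml
"""
SAMPLE_UPLOADS = ["bug.php.kkk", "avatar.png", "index.php",
                  "notes.PHP.bak", "php.txt", "report.phpx"]

PHP_HANDLER = "application/x-httpd-php"

def addhandler_exts(conf_text, handler=PHP_HANDLER):
    """Return the extensions that AddHandler directives map to `handler`."""
    exts = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split()
        if (len(parts) >= 3 and parts[0].lower() == "addhandler"
                and parts[1].lower() == handler):
            # Extensions may be written with or without the leading dot.
            exts.update(p.lstrip(".").lower() for p in parts[2:])
    return exts

def runs_under_addhandler(filename, exts):
    """Simplified mod_mime model: every dot-separated part after the base
    name is an extension, matched case-insensitively, in any position."""
    return any(part.lower() in exts for part in filename.split(".")[1:])

def runs_under_filesmatch(filename, pattern=r"\.php$"):
    """<FilesMatch> applies SetHandler only when the regex matches the name."""
    return re.search(pattern, filename) is not None

def audit(conf_text, filenames):
    """Names that execute as PHP under AddHandler but not under FilesMatch."""
    exts = addhandler_exts(conf_text)
    return [f for f in filenames
            if runs_under_addhandler(f, exts) and not runs_under_filesmatch(f)]

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF, SAMPLE_UPLOADS):
        print("executes only under AddHandler:", name)
```

Run against a listing of an upload directory, an empty result means no stored file depends on multi-extension matching to reach the PHP handler.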