[VIM] PHP File Upload Vulnerability with extra Extension

str0ke str0ke at milw0rm.com
Tue May 13 02:14:34 UTC 2008


Thank you both for the explanation.

regards,
/str0ke

Matthew Murphy wrote:
>
> On May 12, 2008, at 2:28 PM, str0ke wrote:
>
>> I have forgotten what caused the vulnerability where you upload a file
>> such as somefile.php.jpg and it can be executed as a php script.  I know
>> this isn't a php vulnerability as much as an addon.  I think in the past
>> it was suexec that caused this but not sure.  Anyone have a clue?
>>
>> Regards,
>> /str0ke
>
> It's a design decision, according to ASF.  The idea is that you can
> have multiple extensions, e.g:
>
> index.html.en
>
> Both of which affect the content processing in some way.  The .html
> file tells the core that it is a static document, but the .en tells
> mod_negotiation that it is an English-language version of
> 'index.html'.  The same processing is done for PHP content, e.g.:
>
> index.php.fr
>
> Will be processed if I request 'index.php' with an Accept-Language
> header including 'fr' or a subcode of it.
>
> - Matt
>


More information about the VIM mailing list