Arbitrary PHP file execution vulnerability in Windows
Source: Internet
Author: User
Any file execution vulnerability in PHP in Windows. Read the arbitrary file execution vulnerability in PHP in Windows. affected systems :?? PHPversion4.1.1underWindows ?? PHPversion4.0.4underWindows ???? Vulnerability description :?????? In Windows, PHP is affected by PHP. EX:
?? PHP version 4.1.1 under Windows
?? PHP version 4.0.4 under Windows
??
?? Vulnerability description:
????
?? In PHP in Windows, through PHP. EXE, attackers can make any file as a php file, even if the file extension is not PHP. For example, upload a file, but the extension is mp3, txt, or gif, and then require PHP to execute it.
?? For example:
?? Upload a gif file, but it is actually a php script file. the file content is as follows:
?? #------------
???? Phpinfo ();
???>
?? #------------
??
?? Then attackers use PHP to execute:
?? Http://www.example.com/php/php.exe/UPLOAD_DIRECTORY/huh.gif
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.