  1. #1

    Apache and extensions

    I have found a hole in one of my servers that someone else pointed out. Here is what I found. A fake image can get uploaded to the server like test.php.psd and the server will think it is an image file but in fact it is a PHP file. Then when the server accesses the file, Apache does not recognize the file and automatically assumes that it is a PHP file and tries to execute it as a PHP file. If the file is not recognizable and it cannot be opened as an image file, then it should not automatically try to execute it as a PHP file. Am I wrong in assuming this? Here are two sample files.

    Here is a sample file that you can try:
    Code:
    <?php Print  "Hello, World!"; ?>
    http://www.yoursite.net/test.php.psd
    http://www.yoursite.net/test.php.wmv

    How can I prevent files like this, which are not recognized by Apache, from automatically being executed as a PHP file?

  2. #2
    Are you running mod_php or phpsuexec (cgi)?

    If you're running mod_php, you could shut off execution of PHP on a per-directory basis by putting this into your somedirectory/.htaccess:

    php_value engine 0

  3. #3
    I don't want to shut off PHP. I want to stop files that are not recognized from automatically being executed as a PHP file when they're not recognized.

  4. #4
    Remove mod_mime_magic.
    -Mark Adams

  5. #5
    Quote: Originally posted by bitserve
    Remove mod_mime_magic.
    I do not see it in my PHP settings. I have mod_mime in it but not mod_mime_magic.

  6. #6
    It's an Apache module.
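
Added example, not part of the original thread: one configuration that produces the behaviour described in post #1 is a PHP mapping made with AddHandler, because mod_mime looks at every dot-separated extension in a filename, not only the last one. The thread does not show the server's configuration, so the "before" line is an assumption, the handler name application/x-httpd-php assumes mod_php, and the uploads path is a placeholder.

```apache
# BEFORE (assumed, constructed): PHP mapped by extension.
# mod_mime examines each extension in the name, so test.php.psd and
# test.php.wmv both pick up the PHP handler from the ".php" part.
#
#   AddHandler application/x-httpd-php .php

# AFTER: hand a file to PHP only when its name ends in .php.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

# Upload directory (placeholder path): serve files, never interpret them.
<Directory "/var/www/example/uploads">
    # Drop any extension-based PHP mapping inherited from the server config.
    RemoveHandler .php
    RemoveType .php

    # Cancel the FilesMatch rule above for files in this directory.
    <FilesMatch "\.php$">
        SetHandler None
    </FilesMatch>

    # mod_php only: turn the interpreter off for this directory.
    # php_admin_flag is set in the server config, not in .htaccess.
    php_admin_flag engine off
</Directory>
```

After reloading Apache, requesting the test.php.psd sample from post #1 should return the file's raw contents instead of "Hello, World!".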
