Home > Article > Backend Development > Arbitrary file execution vulnerability in PHP under Windows_PHP Tutorial

Arbitrary file execution vulnerability in PHP under Windows_PHP Tutorial

WBOYOriginal: 2016-07-21 16:07:42912browse

Affected systems:
PHP version 4.1.1 under Windows
PHP version 4.0.4 under Windows

Vulnerability description:
🎜>In PHP under Windows, through PHP.EXE, an attacker can make any file appear as a php file, even if the file extension is not php. For example, upload a file, but the extension is mp3, txt, or gif, etc., and then ask PHP to execute it.
　For example:
Upload a gif file, but it is actually a php script file. The content of the file is as follows:
#------------
phpinfo();
?>
#------------

Then the attacker uses PHP Go to execution:
http://www.example.com/php/php.exe/UPLOAD_DIRECTORY/huh.gif

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：Implementation of infinite level menu_PHP tutorialNext article：Implementation of infinite level menu_PHP tutorial

See more

Arbitrary file execution vulnerability in PHP under Windows_PHP Tutorial

Related articles