Re: [PHP] Apache's PHP handlers

2013-09-22 Thread Tamara Temple
On Sep 19, 2013, at 9:14 AM, Arno Kuhl a...@dotcontent.net wrote: Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test: create a file in a text editor containing some PHP (<?php

[PHP] Apache's PHP handlers

2013-09-19 Thread Arno Kuhl
For the past week I've been trying to get to the bottom of an exploit, but googling hasn't been much help so far, nor has my service provider. Basically a file was uploaded with the filename xxx.php.pgif which contained nasty php code, and then the file was run directly from a browser. The upload

Re: [PHP] Apache's PHP handlers

2013-09-19 Thread Design in Motion Webdesign
- Original Message - From: Arno Kuhl a...@dotcontent.net To: php-general@lists.php.net Sent: Thursday, September 19, 2013 1:35 PM Subject: [PHP] Apache's PHP handlers For the past week I've been trying to get to the bottom of an exploit, but googling hasn't been much help so far, nor

RE: [PHP] Apache's PHP handlers

2013-09-19 Thread Arno Kuhl
-Original Message- From: Ken Robinson [mailto:kenrb...@rbnsn.com] Sent: 19 September 2013 01:52 PM To: a...@dotcontent.net Cc: php-general@lists.php.net Subject: Re: [PHP] Apache's PHP handlers Check your .htaccess file. The hackers could have modified it to allow that type of file

RE: [PHP] Apache's PHP handlers

2013-09-19 Thread Arno Kuhl
For the past week I've been trying to get to the bottom of an exploit, but googling hasn't been much help so far, nor has my service provider. Basically a file was uploaded with the filename xxx.php.pgif which contained nasty php code, and then the file was run directly from a browser. The

Re: [PHP] Apache's PHP handlers

2013-09-19 Thread Design in Motion Webdesign
PM Subject: RE: [PHP] Apache's PHP handlers For the past week I've been trying to get to the bottom of an exploit, but googling hasn't been much help so far, nor has my service provider. Basically a file was uploaded with the filename xxx.php.pgif which contained nasty php code

Re: [PHP] Apache's PHP handlers

2013-09-19 Thread Stuart Dallas
On 19 Sep 2013, at 13:58, Design in Motion Webdesign i...@designinmotion.be wrote: it has nothing to do with .php in the file name. What the hacker did, was uploading a .gif file with some malicious php code included to your webserver. Then he called the .gif file from his own website by

Re: [PHP] Apache's PHP handlers

2013-09-19 Thread Aziz Saleh
The best way to handle file uploads is to: 1) Store the filename somewhere in the DB, rename the file to a random string without extension and store the mapping in the DB as well. 2) When sending the file, set the header content to the filename and output the content of the file via PHP (ex: by

Re: [PHP] Apache's PHP handlers

2013-09-19 Thread Stuart Dallas
On 19 Sep 2013, at 14:39, Aziz Saleh azizsa...@gmail.com wrote: The best way to handle file uploads is to: 1) Store the filename somewhere in the DB, rename the file to a random string without extension and store the mapping in the DB as well. 2) When sending the file, set the header

Re: [PHP] Apache's PHP handlers

2013-09-19 Thread Bastien Koert
On Thursday, September 19, 2013, Stuart Dallas wrote: On 19 Sep 2013, at 14:39, Aziz Saleh azizsa...@gmail.com wrote: The best way to handle file uploads is to: 1) Store the filename somewhere in the DB, rename the file to a random string without extension and store the

RE: [PHP] Apache's PHP handlers

2013-09-19 Thread Arno Kuhl
Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test: create a file in a text editor containing some PHP (<?php phpinfo(); ?> would be enough) and upload it to the www root of your site and

RE: [PHP] Apache's PHP handlers

2013-09-19 Thread Ashley Sheridan
On Thu, 2013-09-19 at 16:14 +0200, Arno Kuhl wrote: Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test: create a file in a text editor containing some PHP (<?php phpinfo(); ?> would