ID: 32934 Updated by: [EMAIL PROTECTED] Reported By: bernardino_lopez at yahoo dot com -Status: Open +Status: Bogus Bug Type: *General Issues Operating System: Linux PHP Version: 4.3.11 New Comment:
Not a PHP problem. Configure your webserver properly. Previous Comments: ------------------------------------------------------------------------ [2005-05-03 23:18:30] bernardino_lopez at yahoo dot com Description: ------------ Open Any PHP Page and replace the "." of the File Extension by "/" Example: http://www.abc.com/phpinfo.php Replace the URL Address for: http://www.abc.com/phpinfo/php The script is going to execute. Reproduce code: --------------- No code just replace your URL from the extension ".php" for "/php" Expected result: ---------------- Same page execution of the Original page. Not sure if possible to parse extra parameters to any exposed script to execute.... Actual result: -------------- Page execute regardles of the phpinfo.php phpinfo/php At this point looking for a major impact because in case of be able to pass arbitrary commands to the script to execute will create major security issue. Best Regards Dinooz. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32934&edit=1
