ID: 32934 User updated by: bernardino_lopez at yahoo dot com Reported By: bernardino_lopez at yahoo dot com Status: Bogus Bug Type: *General Issues Operating System: Linux PHP Version: 4.3.11 New Comment:
Do you realize that all the PHP Webserver's in the World need to be configure properly then ??? I'm just surprised it executed, at this time noticed the performance of the server have some degradation in speed, I wonder if multiple mal-formed request can slow down the server in general. but I really don't think is WebServer configuration is execution of any PHP Script. Will dig more about it and find out if Windows based servers reply the same way. Something that I noticed the execution does not affect when run the php from the CLI. Best Regards Dino. Previous Comments: ------------------------------------------------------------------------ [2005-05-04 18:34:13] [EMAIL PROTECTED] Not a PHP problem. Configure your webserver properly. ------------------------------------------------------------------------ [2005-05-03 23:18:30] bernardino_lopez at yahoo dot com Description: ------------ Open Any PHP Page and replace the "." of the File Extension by "/" Example: http://www.abc.com/phpinfo.php Replace the URL Address for: http://www.abc.com/phpinfo/php The script is going to execute. Reproduce code: --------------- No code just replace your URL from the extension ".php" for "/php" Expected result: ---------------- Same page execution of the Original page. Not sure if possible to parse extra parameters to any exposed script to execute.... Actual result: -------------- Page execute regardles of the phpinfo.php phpinfo/php At this point looking for a major impact because in case of be able to pass arbitrary commands to the script to execute will create major security issue. Best Regards Dinooz. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32934&edit=1
