As I responded on Bugtraq, this is, if anything, an Apache bug, not a PHP bug. It could be a configuration bug too, but the bottom line is the Apache doesn't determine that the file is a PHP file when requested in that way, and doesn't even invoke PHP on it.
Zeev At 02:42 16/12/2001, Markus Fischer wrote: > Hi, > > This mail just poppep up buqtrag. Although PHP 4.0.4pl1 is > old and it is unlikely someone is running it on a production > machine on Win ME I'ld like someone with access to Win ME and > standard Apache/PHP installation can verify this is true or > not. > > Not only PHP 4.0.4pl1 but also 4.1.0 would be interesting. > > - Markus > >-- >Please always Cc to me when replying to me on the lists. >Return-Path: <[EMAIL PROTECTED]> >Delivered-To: [EMAIL PROTECTED] >Received: (qmail 18662 invoked from network); 15 Dec 2001 19:43:00 -0000 >Received: from outgoing2.securityfocus.com (HELO >outgoing.securityfocus.com) (66.38.151.26) > by chello213047128070.15.vie.surfer.at with SMTP; 15 Dec 2001 19:43:00 > -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com >[66.38.151.19]) > by outgoing.securityfocus.com (Postfix) with QMQP > id 7F25B8F2AF; Sat, 15 Dec 2001 12:27:16 -0700 (MST) >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Received: (qmail 29165 invoked from network); 15 Dec 2001 02:52:16 -0000 >Date: 15 Dec 2001 01:26:49 -0000 >Message-ID: <[EMAIL PROTECTED]> >Content-Type: text/plain >Content-Disposition: inline >Content-Transfer-Encoding: binary >MIME-Version: 1.0 >X-Mailer: MIME-tools 5.411 (Entity 5.404) >From: Bill Q <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure > Vulnerability > > > >It appears as if PHP/4.0.4 installed on Win ME >running Apache/1.3.20 will disclose php source if the >url is entered with pounds surrounding the dot. >http://server.com/phpfile#.#php > >I have tested this on: >Apache/1.3.22 (Win32) PHP/4.0.6 (Win2K pro) >And it is not vulnerable. This may be a Win ME thing.. > >I would be curious if Apache/1.3.22 on Win ME is >vulnerable > >Now WHY someone would have a webserver on >ME....is another question.... > >-- >PHP Development Mailing List <http://www.php.net/> >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]