ID: 14943 Updated by: zak Old Summary: security issue with apache's ScriptAlias and php.exe Reported By: [EMAIL PROTECTED] Old Status: Open Status: Duplicate Bug Type: Apache related Operating System: 98 PHP Version: 4.1.1 New Comment:
Thank your for your report! However, please review the bug database for bug reports before submitting new ones. Previous Comments: ------------------------------------------------------------------------ [2002-01-09 01:22:54] [EMAIL PROTECTED] Apache 1.3.22 PHP 4.1.1 ...the latest versions at the moment. in the httpd.conf of apache, i have: AddType application/x-httpd-php .php ScriptAlias /php/ "c:/mirc/apache/php/" Action application/x-httpd-php "/php/php.exe" typing this into my browser: http://127.0.0.1/php/php.exe?C:\mirc\apache\apache\logs\access.log allowed me to view the file. i noticed the extra traffic heading out from my computer and checked the access.log myself and found someone using php.exe and the scriptalias like this. ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=14943&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
