From: [EMAIL PROTECTED] Operating system: 98 PHP version: 4.1.1 PHP Bug Type: Apache related Bug description: security issue with apache's ScriptAlias and php.exe
Apache 1.3.22 PHP 4.1.1 ...the latest versions at the moment. in the httpd.conf of apache, i have: AddType application/x-httpd-php .php ScriptAlias /php/ "c:/mirc/apache/php/" Action application/x-httpd-php "/php/php.exe" typing this into my browser: http://127.0.0.1/php/php.exe?C:\mirc\apache\apache\logs\access.log allowed me to view the file. i noticed the extra traffic heading out from my computer and checked the access.log myself and found someone using php.exe and the scriptalias like this. -- Edit bug report at: http://bugs.php.net/?id=14943&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]