Re: [PHP] Apache's PHP handlers

On Sep 19, 2013, at 9:14 AM, Arno Kuhl wrote: > Arno: If you can request that file using a web browser, and it gets executed > as PHP on your server then there is an error in the Apache configuration. > > Easy test: create a file in a text editor containing some PHP ( phpinfo(); ?> would be eno

RE: [PHP] Apache's PHP handlers

On Thu, 2013-09-19 at 16:14 +0200, Arno Kuhl wrote: > Arno: If you can request that file using a web browser, and it gets executed > as PHP on your server then there is an error in the Apache configuration. > > Easy test: create a file in a text editor containing some PHP ( phpinfo(); ?> would be

RE: [PHP] Apache's PHP handlers

Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test: create a file in a text editor containing some PHP ( would be enough) and upload it to the www root of your site and name it test.pgif.

Re: [PHP] Apache's PHP handlers

On Thursday, September 19, 2013, Stuart Dallas wrote: > On 19 Sep 2013, at 14:39, Aziz Saleh > > wrote: > > > The best way to handle file uploads is to: > > > > 1) Store the filename somewhere in the DB, rename the file to a random > string without extension and store the mapping in the DB as well

Re: [PHP] Apache's PHP handlers

On 19 Sep 2013, at 14:39, Aziz Saleh wrote: > The best way to handle file uploads is to: > > 1) Store the filename somewhere in the DB, rename the file to a random string > without extension and store the mapping in the DB as well. > 2) When sending the file, set the header content to the filen

Re: [PHP] Apache's PHP handlers

The best way to handle file uploads is to: 1) Store the filename somewhere in the DB, rename the file to a random string without extension and store the mapping in the DB as well. 2) When sending the file, set the header content to the filename and output the content of the file via PHP (ex: by re

Re: [PHP] Apache's PHP handlers

On 19 Sep 2013, at 13:58, "Design in Motion Webdesign" wrote: > it has nothing to do with ".php" in the file name. What the hacker did, was > uploading a .gif file with some malicious php code included to your > webserver. Then he called the .gif file from his own website by using a php > scr

Re: [PHP] Apache's PHP handlers

once('http://www.yoursite.com/images/yourimage.gif'). At that moment the php code inside the .gif file has been executed. Steven - Original Message - From: "Arno Kuhl" To: "'Design in Motion Webdesign'" ; Sent: Thursday, September 19, 2013 2:43 PM Subje

RE: [PHP] Apache's PHP handlers

> For the past week I've been trying to get to the bottom of an exploit, but > googling hasn't been much help so far, nor has my service provider. > Basically a file was uploaded with the filename xxx.php.pgif which contained > nasty php code, and then the file was run directly from a browser. The

RE: [PHP] Apache's PHP handlers

-Original Message- From: Ken Robinson [mailto:kenrb...@rbnsn.com] Sent: 19 September 2013 01:52 PM To: Cc: Subject: Re: [PHP] Apache's PHP handlers Check you .htaccess file. The hackers could have modified it to allow that type of file to be executed. I had some that modifi

Re: [PHP] Apache's PHP handlers

- Original Message - From: "Arno Kuhl" To: Sent: Thursday, September 19, 2013 1:35 PM Subject: [PHP] Apache's PHP handlers For the past week I've been trying to get to the bottom of an exploit, but googling hasn't been much help so far, nor has my service provider. Basically a file w