On Thu, Jun 14, 2012 at 10:20 PM, Mark Wieder <mwie...@ahsoftware.net>wrote:
> ??? What possible good would changing the filetype be? Fortunately all > my .irev files are in cgi-bin lockers or otherwise inocuous, but I > can't imagine why someone would program a bot to change a non-php file > to a php type. Just in case it had executable php code? Weird. > If you change the filename to end in .php and enter a string like: <?php include "superhack.php" ?> in the beginning of the file or at the end, it will be guaranteed to run your hack. You can also make it download PHP code from a C&C URL, save it to a temp file and include it (include is PHP for execute), which is terribly dangerous. -- http://www.andregarzia.com -- All We Do Is Code. http://fon.nu -- minimalist url shortening service. _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode