ID: 22728
Updated by: [EMAIL PROTECTED]
Reported By: ChristianMoore at attbi dot com
-Status: Open
+Status: Bogus
Bug Type: Unknown/Other Function
Operating System: Windows .NET Server 2003 AdvSrv
PHP Version: 4.3.0
New Comment:
Either your scripts are deliberately accessing the network using
something like fopen("http://....";), or your scripts are insecure and
are allowing hackers to do that.
This is not a bug in PHP; please check your scripts, and re-read the
security section of the PHP manual.
Previous Comments:
------------------------------------------------------------------------
[2003-03-15 07:55:38] ChristianMoore at attbi dot com
I use PHP on my site at www.psychosematic.com. For some reason,
php.exe is trying to access the web, and it has nothing to do with my
site.
My firewall logged these actions, performed by php.exe:
File Version :
File Description : C:\php\php.exe
File Path : C:\php\php.exe
Process ID : 283C (Heximal) 10300 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.1.100
Local Port : 3216
Remote Name : www.ironmaiden.com
Remote Address : 213.86.54.15
Remote Port : 80 (HTTP - World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-04-5a-e9-5a-17
Source: 00-03-6d-11-12-fc
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x1d7b (Correct)
Source: 192.168.1.100
Destination: 213.86.54.15
Transmission Control Protocol (TCP)
Source port: 3216
Destination port: 80
Sequence number: 3479013436
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x3311 (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 04 5A E9 5A 17 00 03 : 6D 11 12 FC 08 00 45 00 |
..Z.Z...m.....E.
0010: 00 30 F2 38 40 00 40 06 : 7B 1D C0 A8 01 64 D5 56 |
[EMAIL PROTECTED]@.{....d.V
0020: 36 0F 0C 90 00 50 CF 5D : 88 3C 00 00 00 00 70 02 |
6....P.].<....p.
0030: 40 00 11 33 00 00 02 04 : 05 B4 01 01 04 02 |
@..3..........
File Version :
File Description : C:\php\php.exe
File Path : C:\php\php.exe
Process ID : 2B40 (Heximal) 11072 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.1.100
Local Port : 3256
Remote Name : www.aimoo.com
Remote Address : 216.38.143.13
Remote Port : 80 (HTTP - World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-04-5a-e9-5a-17
Source: 00-03-6d-11-12-fc
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x8014 (Correct)
Source: 192.168.1.100
Destination: 216.38.143.13
Transmission Control Protocol (TCP)
Source port: 3256
Destination port: 80
Sequence number: 74775255
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x8b0d (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 04 5A E9 5A 17 00 03 : 6D 11 12 FC 08 00 45 00 |
..Z.Z...m.....E.
0010: 00 30 FD 07 40 00 40 06 : 14 80 C0 A8 01 64 D8 26 |
[EMAIL PROTECTED]@......d.&
0020: 8F 0D 0C B8 00 50 04 74 : FA D7 00 00 00 00 70 02 |
.....P.t......p.
0030: 40 00 0D 8B 00 00 02 04 : 05 B4 01 01 04 02 |
@.............
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=22728&edit=1
