On Sep 19, 2013, at 9:14 AM, Arno Kuhl wrote:
> Arno: If you can request that file using a web browser, and it gets executed
> as PHP on your server then there is an error in the Apache configuration.
>
> Easy test: create a file in a text editor containing some PHP ( phpinfo(); ?> would be eno
On Thu, 2013-09-19 at 16:14 +0200, Arno Kuhl wrote:
> Arno: If you can request that file using a web browser, and it gets executed
> as PHP on your server then there is an error in the Apache configuration.
>
> Easy test: create a file in a text editor containing some PHP ( phpinfo(); ?> would be
Arno: If you can request that file using a web browser, and it gets executed
as PHP on your server then there is an error in the Apache configuration.
Easy test: create a file in a text editor containing some PHP ( would be enough) and upload it to the www root of your site
and name it test.pgif.
On Thursday, September 19, 2013, Stuart Dallas wrote:
> On 19 Sep 2013, at 14:39, Aziz Saleh >
> wrote:
>
> > The best way to handle file uploads is to:
> >
> > 1) Store the filename somewhere in the DB, rename the file to a random
> string without extension and store the mapping in the DB as well
On 19 Sep 2013, at 14:39, Aziz Saleh wrote:
> The best way to handle file uploads is to:
>
> 1) Store the filename somewhere in the DB, rename the file to a random string
> without extension and store the mapping in the DB as well.
> 2) When sending the file, set the header content to the filen
The best way to handle file uploads is to:
1) Store the filename somewhere in the DB, rename the file to a random
string without extension and store the mapping in the DB as well.
2) When sending the file, set the header content to the filename and output
the content of the file via PHP (ex: by re
On 19 Sep 2013, at 13:58, "Design in Motion Webdesign"
wrote:
> it has nothing to do with ".php" in the file name. What the hacker did, was
> uploading a .gif file with some malicious php code included to your
> webserver. Then he called the .gif file from his own website by using a php
> scr
once('http://www.yoursite.com/images/yourimage.gif'). At that moment
the php code inside the .gif file has been executed.
Steven
- Original Message -
From: "Arno Kuhl"
To: "'Design in Motion Webdesign'" ;
Sent: Thursday, September 19, 2013 2:43 PM
Subje
> For the past week I've been trying to get to the bottom of an exploit, but
> googling hasn't been much help so far, nor has my service provider.
> Basically a file was uploaded with the filename xxx.php.pgif which
contained
> nasty php code, and then the file was run directly from a browser. The
-Original Message-
From: Ken Robinson [mailto:kenrb...@rbnsn.com]
Sent: 19 September 2013 01:52 PM
To:
Cc:
Subject: Re: [PHP] Apache's PHP handlers
Check you .htaccess file. The hackers could have modified it to allow that
type of file to be executed. I had some that modifi
- Original Message -
From: "Arno Kuhl"
To:
Sent: Thursday, September 19, 2013 1:35 PM
Subject: [PHP] Apache's PHP handlers
For the past week I've been trying to get to the bottom of an exploit, but
googling hasn't been much help so far, nor has my service p
For the past week I've been trying to get to the bottom of an exploit, but
googling hasn't been much help so far, nor has my service provider.
Basically a file was uploaded with the filename xxx.php.pgif which contained
nasty php code, and then the file was run directly from a browser. The
upload s
12 matches
Mail list logo
