Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

[defacementmonitor@hotmail.com: Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure Vulnerability]

1 view

Skip to first unread message

Markus Fischer

unread,

Dec 15, 2001, 7:42:35 PM12/15/01

to php...@lists.php.net

Hi,

This mail just poppep up buqtrag. Although PHP 4.0.4pl1 is
old and it is unlikely someone is running it on a production
machine on Win ME I'ld like someone with access to Win ME and
standard Apache/PHP installation can verify this is true or
not.

Not only PHP 4.0.4pl1 but also 4.1.0 would be interesting.

- Markus

--
Please always Cc to me when replying to me on the lists.

Zeev Suraski

unread,

Dec 15, 2001, 8:24:02 PM12/15/01

to Markus Fischer, php...@lists.php.net

As I responded on Bugtraq, this is, if anything, an Apache bug, not a PHP
bug. It could be a configuration bug too, but the bottom line is the
Apache doesn't determine that the file is a PHP file when requested in that
way, and doesn't even invoke PHP on it.

Zeev

>Return-Path: <bugtraq-return-2915-mfischer=guru.jos...@securityfocus.com>
>Delivered-To: mfis...@guru.josefine.at
>Received: (qmail 18662 invoked from network); 15 Dec 2001 19:43:00 -0000
>Received: from outgoing2.securityfocus.com (HELO
>outgoing.securityfocus.com) (66.38.151.26)
> by chello213047128070.15.vie.surfer.at with SMTP; 15 Dec 2001 19:43:00
> -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com
>[66.38.151.19])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id 7F25B8F2AF; Sat, 15 Dec 2001 12:27:16 -0700 (MST)
>Mailing-List: contact bugtra...@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bug...@securityfocus.com>
>List-Help: <mailto:bugtra...@securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-u...@securityfocus.com>
>List-Subscribe: <mailto:bugtraq-...@securityfocus.com>
>Delivered-To: mailing list bug...@securityfocus.com
>Delivered-To: moderator for bug...@securityfocus.com
>Received: (qmail 29165 invoked from network); 15 Dec 2001 02:52:16 -0000
>Date: 15 Dec 2001 01:26:49 -0000
>Message-ID: <2001121501264...@mail.securityfocus.com>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: Bill Q <defaceme...@hotmail.com>
>To: bug...@securityfocus.com
>Subject: Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure
> Vulnerability
>
>
>
>It appears as if PHP/4.0.4 installed on Win ME
>running Apache/1.3.20 will disclose php source if the
>url is entered with pounds surrounding the dot.
>http://server.com/phpfile#.#php
>
>I have tested this on:
>Apache/1.3.22 (Win32) PHP/4.0.6 (Win2K pro)
>And it is not vulnerable. This may be a Win ME thing..
>
>I would be curious if Apache/1.3.22 on Win ME is
>vulnerable
>
>Now WHY someone would have a webserver on
>ME....is another question....
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: php-dev-u...@lists.php.net
>For additional commands, e-mail: php-de...@lists.php.net
>To contact the list administrators, e-mail: php-lis...@lists.php.net

0 new messages