Comments on: security hole for files with a dot at the end http://verens.com/2008/10/13/security-hole-for-files-with-a-dot-at-the-end/ klog - Kae's Log Mon, 21 May 2012 21:11:58 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Arjan http://verens.com/2008/10/13/security-hole-for-files-with-a-dot-at-the-end/#comment-1158 Arjan Fri, 17 Oct 2008 11:43:27 +0000 http://verens.com/?p=504#comment-1158 Thanks for the update, I guess we will have to update our Apache configurations to include your FilesMatch fix. Thanks for the update, I guess we will have to update our Apache configurations to include your FilesMatch fix.

]]> By: Kae Verens http://verens.com/2008/10/13/security-hole-for-files-with-a-dot-at-the-end/#comment-1157 Kae Verens Fri, 17 Oct 2008 11:41:07 +0000 http://verens.com/?p=504#comment-1157 I also reported it to the Fedora PHP list and was again told that it is a feature required for MultiViews. In short, this will not be fixed ever, so a lot of PHP scripts will need to be rewritten. I also reported it to the Fedora PHP list and was again told that it is a feature required for MultiViews.

In short, this will not be fixed ever, so a lot of PHP scripts will need to be rewritten.

]]> By: Kae Verens http://verens.com/2008/10/13/security-hole-for-files-with-a-dot-at-the-end/#comment-1156 Kae Verens Fri, 17 Oct 2008 11:40:17 +0000 http://verens.com/?p=504#comment-1156 I reported it to their security mailinglist. I was told that it is a "feature" necessary MultiViews. Personally, I don't use MultiViews, and would prefer that this "feature" is removed. Interestingly, this can be exploited on image-upload scripts which allow images to be viewed from their original file. Simply create a PHP file, rename it "image.php.jpg" and upload it. Apache will treat the file as if it is PHP (not JPG) and will run it... This will probably affect quite a lot of scripts. I reported it to their security mailinglist. I was told that it is a “feature” necessary MultiViews. Personally, I don’t use MultiViews, and would prefer that this “feature” is removed.

Interestingly, this can be exploited on image-upload scripts which allow images to be viewed from their original file. Simply create a PHP file, rename it “image.php.jpg” and upload it. Apache will treat the file as if it is PHP (not JPG) and will run it… This will probably affect quite a lot of scripts.

]]> By: Arjan http://verens.com/2008/10/13/security-hole-for-files-with-a-dot-at-the-end/#comment-1155 Arjan Fri, 17 Oct 2008 11:36:35 +0000 http://verens.com/?p=504#comment-1155 This is very disturbing news! Did you already report this to the Apache Foundation or its bugzilla? I think this breaks the security of a lot upload pages. This is very disturbing news! Did you already report this to the Apache Foundation or its bugzilla? I think this breaks the security of a lot upload pages.

]]>