[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
dave at technicacreative.co.uk
Wed Nov 11 18:57:03 UTC 2009
php_enable_exploits on ?
On 11 Nov 2009, at 18:54, Otto wrote:
> To do that, you would just want test.php to output an image/jpeg mime
> header, followed by the jpeg binary data. No need for tricky clever
> naming tricks.
> I've been unable to get this to work on my local Apache install so
> far. test.php.jpg doesn't execute. Does anybody know the config needed
> to make this vulnerable?
> Sent from Memphis, TN, United States
> On Wed, Nov 11, 2009 at 11:54 AM, Jeremy Clarke <jer at simianuprising.com> wrote:
>> On Wed, Nov 11, 2009 at 12:48 PM, Otto <otto at ottodestruct.com> wrote:
>>> This seems like an Apache configuration problem to me. There are no
>>> circumstances I can think of where I'd want test.php.jpg to be
>>> executed as PHP by Apache.
>> I think the example would be if you were using php with GD or
>> something to output images on the fly (maybe with a caching layer in
>> the php). There must be some plugins out there that use this trick, I
>> know I've seen it before. It might be that this should be the
>> .htaccess hack and not the standard though.
>> Jeremy Clarke
>> Code and Design | globalvoicesonline.org
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
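Added illustration, not part of the original thread: Apache's mod_mime documentation notes that Add* directives such as AddHandler match any dot-separated extension in a filename, not only the last one, which is the behaviour test.php.jpg depends on. The Python sketch below models that rule and lists upload names that would be handled as PHP although they do not end in `.php`. Assumptions: only the `php` extension is mapped to the PHP handler, and every function name and sample filename is constructed for this example.

```python
import os

# Assumption: the server maps only this extension to PHP with an Add*
# directive (for example "AddHandler application/x-httpd-php .php").
PHP_EXTENSIONS = {"php"}


def extensions(filename):
    """Return every dot-separated extension after the base name, lowercased."""
    name = os.path.basename(filename)
    return [part.lower() for part in name.split(".")[1:] if part]


def add_handler_matches(filename, php_exts=PHP_EXTENSIONS):
    """Model of an Add* mapping: any extension in the name can select PHP."""
    return any(ext in php_exts for ext in extensions(filename))


def last_extension_matches(filename, php_exts=PHP_EXTENSIONS):
    """Model of a last-extension-only mapping.

    This corresponds to wrapping SetHandler in a FilesMatch block whose
    pattern is anchored to the end of the filename, as the mod_mime
    documentation suggests when only the final extension should count.
    """
    exts = extensions(filename)
    return bool(exts) and exts[-1] in php_exts


def audit(names, php_exts=PHP_EXTENSIONS):
    """Names an Add* mapping treats as PHP even though they do not end in it."""
    return [
        n for n in names
        if add_handler_matches(n, php_exts)
        and not last_extension_matches(n, php_exts)
    ]


# Constructed sample of names as they might appear in an uploads directory.
SAMPLE = ["photo.jpg", "test.php.jpg", "index.php",
          "report.final.pdf", "a.PHP.png", "archive.tar.gz"]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("handled as PHP under an Add* mapping:", name)
```

Running `audit` over a real uploads directory listing (for example the output of `os.walk`) gives the set of files whose handling differs between the two styles of configuration.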