Date: Sat, 12 Aug 2000 08:17:05 +0300 From: Vladimir Melnik <raccoon@art-service.net.ua> To: freebsd-security@freebsd.org Subject: php-3.0.12 and apache-1.3.9: it this a bug or some feature? Message-ID: <20000812081705.I98373@art-service.net.ua>
next in thread | raw e-mail | index | archive | help
Hello, citizens. Tonight I saw strange behavior of apache-1.3.9 with php-3.0.12 on one of FreeBSD-3.4 box and I can't understand it. Look... I have some php3-scripts at my web-server. Ok, let's run Internet Browser and type URL: http://my.web.server/index.html Oh, well, it's ok, file `index.html' exists and my apache shows it. Now let's check this: http://my.web.server/something.php3 Wow! It's ok too, `cause this file exists too! ;-) Now we'll do something unusual... http://my.web.server/something.php3/boo-boo/oops/ or even http://my.web.server/something.php3/../../../../ Oops... I can see this document, but, #$%%^%^!.. But where is all images?! ;-) I can't see any of my <img src="..."> displayed correctly. 404. But why do I see html-document? Ok, let's try: http://my.web.server/index.html/boo-boo/oops/ 404, sir. Ok. But what's happened to my php?! ;-) It's interesting to think about, isn't it? ;-) What is your guessings? -- V.Melnik P.S. Sorry for my English, please. :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000812081705.I98373>