FYHTECH

FUN WITH LINUX

Apaches "File-Extension-Feature"

1 February 2017

Many years ago, someone mentioned on a congress that apache has an interesting feature: if apache doesn’t know a file-extension, it will just take the next one. If someone saves a file called “shell.php.ab”, apache would not know what to do with the extension “.ab”. So it will just skip this one and uses the next one and the file “evil.php.ab” becomes “evil.php” and gets executed. I wondered how long it will take until a related bug will occur and I was not surprised when I read aboutthis nasty bug.

[ Security  apache  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

Raspberry git Shell Fun Crypto PHP Open-Source logrotate Sysadmin xmas Puppet Toscom ccc Anniversary Linux Email Zsh Ansible News Mathematics apache Database Mail LVM Docker Postgresql HackADay vim Tricks Security One-Liner Suricata Proxy Backup Debian Perl Kernel Blog External Downloads CLI Desktop Virtualization Ruby Web Firewall Bash Software-Raid CVE TerminalEmulator Nagios Programming Multimedia openssl Hardware Network Btrfs Certification C

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti