FYHTECH

FUN WITH LINUX

Apaches "File-Extension-Feature"

1 February 2017

Many years ago, someone mentioned on a congress that apache has an interesting feature: if apache doesn’t know a file-extension, it will just take the next one. If someone saves a file called “shell.php.ab”, apache would not know what to do with the extension “.ab”. So it will just skip this one and uses the next one and the file “evil.php.ab” becomes “evil.php” and gets executed. I wondered how long it will take until a related bug will occur and I was not surprised when I read aboutthis nasty bug.

[ Security  apache  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

Suricata Btrfs Programming LVM Fun Security Web Crypto One-Liner Linux Kernel Hardware External openssl Firewall Software-Raid C Multimedia Ruby CVE Toscom Bash Virtualization apache Nagios vim Backup Postgresql Puppet Sysadmin Blog Tricks Network git Ansible TerminalEmulator CLI Debian Zsh Docker HackADay Perl xmas News Shell Downloads Certification Open-Source Mathematics PHP Email Proxy Mail Database Raspberry Anniversary logrotate Desktop

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti