[CentOS] Strange Apache log entry
Gordon Messmer
yinyang at eburg.com
Sun Aug 29 07:45:53 UTC 2010
On 08/28/2010 05:30 AM, Stephen Harris wrote:
> In general it's not just PHP; it could be perl, script.. anything
> eg this extremely bad and broken CGI program:
That's true, but /proc/environ isn't in a format that's valid for most
languages. If a PHP script can be made to include /proc/environ, code
can be injected by the caller. For instance, their Agent string could
include PHP code which would end up executed. Other languages may not
be as prone to that specific issue.
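
A detection sketch for the pattern described in the message above, added here as an example and not part of the original post: it scans Apache access-log lines for a request that references the process environment file and for a User-Agent that carries a PHP opening tag. It assumes the "combined" log format and that the file meant is /proc/self/environ (or /proc/<pid>/environ); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)
# Assumption: the environment file is reached as /proc/self/environ or /proc/<pid>/environ.
PROC_ENV_RE = re.compile(r'/proc/(?:self|\d+)/environ', re.I)
# PHP opening tags: "<?php", "<?=" or the short form "<? ".
PHP_TAG_RE = re.compile(r'<\?(?:php|=|\s)', re.I)

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (%252F -> %2F -> /), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the list of reasons a log line is suspicious, or None if unparseable."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    reasons = []
    if PROC_ENV_RE.search(fully_unquote(m["request"])):
        reasons.append("proc-environ-in-request")
    if PHP_TAG_RE.search(m["agent"]):
        reasons.append("php-tag-in-user-agent")
    return reasons

# Constructed sample lines (documentation addresses, placeholder payload).
SAMPLE = [
    '192.0.2.10 - - [28/Aug/2010:05:12:01 +0000] "GET /index.php?page=about HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [28/Aug/2010:05:12:09 +0000] '
    '"GET /index.php?page=..%2F..%2F..%2Fproc%2Fself%2Fenviron%00 HTTP/1.1" '
    '200 412 "-" "<?php /* placeholder */ ?>"',
    '198.51.100.7 - - [28/Aug/2010:05:12:11 +0000] '
    '"GET /index.php?page=..%252F..%252Fproc%252Fself%252Fenviron HTTP/1.1" '
    '404 209 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), entry.split(" ", 1)[0])
```

A 200 status on a flagged request is the case worth following up first, since it suggests the include path resolved rather than being rejected.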