[CentOS] Strange Apache log entry

Sun Aug 29 07:45:53 UTC 2010
Gordon Messmer <yinyang at eburg.com>

On 08/28/2010 05:30 AM, Stephen Harris wrote:
> In general it's not just PHP; it could be perl, script.. anything
> eg this extremely bad and broken CGI program:

That's true, but /proc/environ isn't in a format that's valid for most 
languages.  If a PHP script can be made to include /proc/environ, code 
can be injected by the caller.  For instance, their Agent string could 
include PHP code which would end up executed.  Other languages may not 
be as prone to that specific issue.