2

I have created the following file

```php
<?php
echo "hi";
?>
```

I named it "test.php.jpg" and uploaded it to the root folder of my site.

Now, when I access that file via browser (http://domainname.com/test.php.jpg),

I am getting the following output:

hi

Why is this happening? Why is my Apache server executing the PHP script in a file with a "jpg" extension?

AstroCB
vimal1083
  • 3
    What does your Apache PHP handler directive look like? – Patrick Evans Feb 15 '14 at 17:43
  • 1
    possible duplicate of [Is it possible to execute PHP with extension file.php.jpg?](http://stackoverflow.com/questions/8025236/is-it-possible-to-execute-php-with-extension-file-php-jpg) – fedorqui Feb 15 '14 at 17:43
  • 1
    As in the duplicate mentioned. People should of course not do this, at best it consumes a large amount of resources (no cache, full php engine starting for something that should be a simple in-memory file request), at worst it's a security nightmare (allowing people to upload images, with php-code injected, you can even do this in a _valid_ image). – Wrikken Feb 15 '14 at 17:47
  • @Wrikken, how will you inject code in a valid image file? – vimal1083 Feb 15 '14 at 17:54
  • @Vimalraj.S: for instance, [in a PNG comment field](http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html) – Wrikken Feb 15 '14 at 17:59
  • @Wrikken if you inject code in the comment field of a PNG image, then your server won't execute that script, your server will treat that as a valid image file, it doesn't cause any problem to us. Isn't it? – vimal1083 Feb 15 '14 at 18:31
  • The webserver cares very little for what's in your file. If it gets told .png images should go through the PHP engine, it will do that. If there are no `<?php`'s in there, you won't notice it (PHP will just output the whole source file), but if they _are_ there, and the webserver is configured to run .png's through the PHP engine, you're toast. Just google: "php injection in image comments", loads of links. – Wrikken Feb 15 '14 at 18:36

1 Answer

1

My guess is that the FilesMatch directive in your Apache config file is too lenient. See point #8 over here for the correct FilesMatch directive: http://www.php.net/manual/en/install.unix.apache2.php

Shaunak Kashyap
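The handler configurations that produce the behaviour in the question, next to an anchored `FilesMatch` of the kind the answer points to. This is an added example, not code from the original post or from the asker's server; it assumes mod_php (handler name `application/x-httpd-php`), and the upload path is a hypothetical placeholder.

```apache
# --- Too lenient: either of these makes test.php.jpg run as PHP ---

# mod_mime looks at every extension in a file name. For "test.php.jpg",
# ".jpg" only supplies the MIME type, while ".php" still supplies the
# handler, so the request is passed to the PHP engine.
AddHandler application/x-httpd-php .php

# Unanchored pattern: matches ".php" anywhere in the name,
# including "test.php.jpg".
<FilesMatch "\.php">
    SetHandler application/x-httpd-php
</FilesMatch>

# --- Corrected: only names that END in .php are handed to PHP ---

# Remove the AddHandler line above and anchor the pattern with "$".
# "test.php" matches; "test.php.jpg" does not and is served as a
# static file.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

# --- Defence in depth for a directory that accepts uploads ---
# Hypothetical path; adjust to the real upload location.
<Directory "/var/www/example/uploads">
    # Uploaded .htaccess files cannot re-enable handlers.
    AllowOverride None
    # mod_php: switch the PHP engine off for everything in here,
    # whatever the file is called.
    php_admin_flag engine off
</Directory>
```

After changing the configuration, `apachectl configtest` checks the syntax, and re-requesting `test.php.jpg` should return the file's raw bytes instead of `hi`.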