(2014-06-24, 03:10 PM) laie_techie Wrote: Most web servers see the php file extension and pass it off to the PHP file handler. This has nothing to do with the file's executable bit being set or not in the file system.
Again, this is not how the attachment system works. Attachments are not saved with their actual file extension.
(2014-06-24, 03:13 PM) StefanT Wrote: (2014-06-24, 03:10 PM) laie_techie Wrote: Most web servers see the php file extension and pass it off to the PHP file handler. This has nothing to do with the file's executable bit being set or not in the file system.
Again, this is not how the attachment system works. Attachments are not saved with their actual file extension.
Attachments are saved in the uploads directory. A hacker could upload doevil.php, then hit http://www.example.com/forum/uploads/doevil.php. If your uploads directory doesn't redact PHP processing, then doevil.php will be executed.
The attachment system doesn't work that way. Attachments are renamed when uploaded and stored under random file names in year/month directories and as ATTACH files. If you upload a doevil.php file, you couldn't access it by going to http://www.example.com/forum/uploads/doevil.php (as there is no file to access) since the file would be located at something like http://www.example.com/forum/uploads/201...fca.attach.
EDIT: I've looked back, PHP has been included as an attachment type since at least the 1.2 days. If PHP attachments could be exploited like that, don't you think someone would've tried by now?
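An added illustration of the storage scheme described in the post above (not code from the forum software or from any poster in this thread): the upload is written under a server-chosen random name with a fixed `.attach` extension in a year/month directory, and the client-supplied name is kept only as metadata. The function name, the `post_` prefix, the directory paths and the record keys are assumptions made for the example.

```php
<?php
// Added example; store_attachment() and all paths are hypothetical.

/**
 * Store an uploaded file under a server-chosen name so the client-supplied
 * name (e.g. "doevil.php") never appears on disk or in a URL.
 * Returns the path relative to $uploadsDir, to be saved alongside the
 * original filename in the attachment record.
 */
function store_attachment(string $tmpPath, string $uploadsDir): string
{
    // Year/month subdirectory, e.g. "201406".
    $subdir = date('Ym');
    $dir = rtrim($uploadsDir, '/') . '/' . $subdir;
    if (!is_dir($dir) && !mkdir($dir, 0750, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }

    // Random name plus a fixed extension that no script handler is mapped to.
    $name = 'post_' . bin2hex(random_bytes(16)) . '.attach';
    $dest = $dir . '/' . $name;

    // A real upload handler would call move_uploaded_file() here;
    // copy() is used so the example runs from the command line.
    if (!copy($tmpPath, $dest)) {
        throw new RuntimeException("cannot store attachment");
    }
    chmod($dest, 0640); // never executable, not world-readable

    return $subdir . '/' . $name;
}

// Constructed sample input: a file the client claims is called "doevil.php".
$uploads    = sys_get_temp_dir() . '/uploads_demo';
$tmp        = tempnam(sys_get_temp_dir(), 'up');
$clientName = 'doevil.php';
file_put_contents($tmp, "constructed sample content\n");

$stored = store_attachment($tmp, $uploads);
unlink($tmp);

// The client name survives only as metadata (used for the download header).
$record = ['filename' => basename($clientName), 'attachname' => $stored];
print_r($record);

// Nothing exists under the client-supplied name, and the stored name
// always ends in .attach regardless of what was uploaded.
var_dump(file_exists("$uploads/$clientName"));
var_dump(preg_match('#^\d{6}/post_[0-9a-f]{32}\.attach$#', $stored) === 1);
```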