AW: AW: ANN: GLX2 3.05

Andre Garzia andre at andregarzia.com
Thu Jun 14 21:39:42 EDT 2012


On Thu, Jun 14, 2012 at 10:20 PM, Mark Wieder <mwieder at ahsoftware.net>wrote:

> ??? What possible good would changing the filetype be? Fortunately all
> my .irev files are in cgi-bin lockers or otherwise inocuous, but I
> can't imagine why someone would program a bot to change a non-php file
> to a php type. Just in case it had executable php code? Weird.
>

If you change the filename to end in .php and enter a string like:

<?php

include "superhack.php"

?>

in the beginning of the file or at the end, it will be guaranteed to run
your hack. You can also make it download PHP code from a C&C URL, save it
to a temp file and include it (include is PHP for execute), which is
terribly dangerous.


-- 
http://www.andregarzia.com -- All We Do Is Code.
http://fon.nu -- minimalist url shortening service.



More information about the Use-livecode mailing list