AW: AW: ANN: GLX2 3.05
Andre Garzia
andre at andregarzia.com
Thu Jun 14 21:39:42 EDT 2012
On Thu, Jun 14, 2012 at 10:20 PM, Mark Wieder <mwieder at ahsoftware.net>wrote:
> ??? What possible good would changing the filetype be? Fortunately all
> my .irev files are in cgi-bin lockers or otherwise inocuous, but I
> can't imagine why someone would program a bot to change a non-php file
> to a php type. Just in case it had executable php code? Weird.
>
If you change the filename to end in .php and enter a string like:
<?php
include "superhack.php"
?>
in the beginning of the file or at the end, it will be guaranteed to run
your hack. You can also make it download PHP code from a C&C URL, save it
to a temp file and include it (include is PHP for execute), which is
terribly dangerous.
--
http://www.andregarzia.com -- All We Do Is Code.
http://fon.nu -- minimalist url shortening service.
More information about the use-livecode
mailing list