I don’t know how well documented this hack is, but I dreamed it up while I was laying in bed last night, and tried it out this morning and it works. The hack requires that the target php file has been edited locally in the web directory of a linux server. Linux makes a hidden backup copy of the file by appending a tilde (~) to the file name, and leaves it in the directory as a hidden file. If you access a website with this file and append a ~ to the filename, i.e. “index.php~” you will be able to view the uninterpreted php code. This seems so trivial that I’m sure it has to be documented somewhere else, though I couldn’t find it – part of it has to do with the difficulty associated with searching for special characters, and the alternate use of the ~ (home directory).
I have three ideas to prevent the exploit:
1. Edit the Apache config file to allow php to parse “php~” files.
2. Write a cron job to remove temporary backup files from the web directory.
3. Manually delete ~ files from the web directory, or don’t edit files on the server.
Incoming search terms:
- view unparsed php
- unparsed php code
- how to view unparsed php
- unparsed php removed
- un-parsed server code
- tell server return unparsed php file
- svn entries exploit tool
- remoteviewphp howto
- read uninterpreted php scripts
- read php unparsed
No Comments so far ↓
There are no comments yet...Kick things off by filling out the form below.