Short Name | HTTP:PHP:UPLOAD-LOCATION |
---|---|
Severity | High |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | PHP Arbitrary File Upload Location |
Release Date | 2004/11/17 |
Update Number | 1213 |
Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+ |

This signature detects a maliciously crafted HTTP POST request. Attackers can use a directory traversal attack within the Content-Disposition field of a POST request to force PHP to execute arbitrary code.
Reportedly, PHP is vulnerable to an arbitrary-location file upload vulnerability. The issue is due to a failure of the PHP application to properly sanitize the user-supplied file name. An attacker may exploit this issue to upload files to an arbitrary location on a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks. The issue is reported to affect only PHP versions 4.2.0 and later.
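The check described above can be sketched from the defender's side: the following added example (not the signature's actual pattern and not vendor code) extracts the `filename` parameter from each `Content-Disposition` part header of a multipart POST body, flags names carrying a `..` segment or an absolute path, and derives the name an upload handler should store under. The function names and the sample body are constructed for illustration.

```python
import re
from urllib.parse import unquote

# filename parameter of a multipart part's Content-Disposition header
FILENAME_RE = re.compile(
    r'^Content-Disposition:[^\r\n]*?\bfilename\s*=\s*(?:"([^"\r\n]*)"|([^;\r\n]*))',
    re.IGNORECASE | re.MULTILINE,
)

def upload_filenames(body):
    """Return every client-supplied filename declared in the part headers."""
    return [m.group(1) if m.group(1) is not None else m.group(2).strip()
            for m in FILENAME_RE.finditer(body)]

def is_traversal(name):
    """True when the name contains a '..' path segment or is an absolute path."""
    decoded = unquote(name).replace("\\", "/")  # normalise %2f and backslashes
    return ".." in decoded.split("/") or decoded.startswith("/")

def safe_name(name):
    """Reduce the name to its final path component with a conservative charset."""
    base = unquote(name).replace("\\", "/").rsplit("/", 1)[-1]
    return re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".") or "upload.bin"

def review_uploads(body):
    """Return (raw name, flagged?, name to store under) for each uploaded part."""
    return [(n, is_traversal(n), safe_name(n)) for n in upload_filenames(body)]

# Constructed sample request body (not captured traffic).
SAMPLE_BODY = (
    "--b0undary\r\n"
    'Content-Disposition: form-data; name="doc"; filename="report.pdf"\r\n'
    "Content-Type: application/pdf\r\n\r\n"
    "placeholder\r\n"
    "--b0undary\r\n"
    'Content-Disposition: form-data; name="a"; filename="../../outside/notes.txt"\r\n'
    "Content-Type: text/plain\r\n\r\n"
    "placeholder\r\n"
    "--b0undary\r\n"
    'Content-Disposition: form-data; name="b"; filename="..%2f..%2fnotes.txt"\r\n'
    "Content-Type: text/plain\r\n\r\n"
    "placeholder\r\n"
    "--b0undary--\r\n"
)

if __name__ == "__main__":
    for raw, flagged, stored in review_uploads(SAMPLE_BODY):
        print(f"{'ALERT' if flagged else 'ok':5} {raw!r} -> {stored!r}")
```

Flagging and sanitizing are kept separate on purpose: the flag feeds logging or blocking, while `safe_name` is applied to every upload regardless of whether it was flagged.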