https://www.exploit-db.com/exploits/21204
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-115

PHP在安装到带Apache和ScriptAlias的Windows上将/php/调到c:/php/时存在漏洞。远程攻击者借助带查询字符串文件名的php.exe的HTTP请求读取任意文件和可能执行任意程序。

source: http://www.securityfocus.com/bid/3786/info

A vulnerability exists in the suggested default configuration for the Apache PHP.EXE binary on Microsoft Windows platforms. This issue has the potential to disclose the contents of arbitrary files to remote attackers.

As a result, it is possible for an attacker to append a filepath to the end of web request for php.exe. Files targetted in this manner will be served to the attacker.

It is also possible to run executables in the PHP directory via successful exploitation of this vulnerability.

http://[targethost]/php/php.exe?c:[filepath]

来源:BID
名称:3786
链接:http://www.securityfocus.com/bid/3786
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5ZP030U60U.html
来源:XF
名称:apache-php-view-files(7815)
链接:http://www.iss.net/security_center/static/7815.php