Title                                               17/2/2002
   PHP for Windows Arbitrary Files Execution (GIF, MP3)
    Summary
   Through PHP.EXE, an attacker can cause PHP to interpret any file as a PHP file,
   even if its extensions are not PHP. This would enable the remote attacker to
   execute arbitrary commands, leading to a system compromise.
    Details
   Vulnerable systems:
   PHP version 4.1.1 under Windows
   PHP version 4.0.4 under Windows
   An attacker can upload innocent looking files (with mp3, txt or gif extensions)
   through any uploading systems such as WebExplorer (or any other PHP program that
   has uploading capabilities), and then request PHP to execute it.
   Example:
   After uploading a file a "gif" extension (in our example huh.gif) that contains
   PHP code such as:
   #------------
   <?
   phpinfo();
   ?>
   #------------
   An attacker can type the following address to get in to cause the PHP file to be
   executed:
   http://www.example.com/php/php.exe/UPLOAD_DIRECTORY/huh.gif
   Notice: php/php.exe is included in the URL.
    Additional information
   The information has been provided by CompuMe and RootExtractor.