The "domain.com/index.php/login.php" kind of requests in PHP

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


mjsw
Forum Newbie
Posts: 10
Joined: Fri Jul 09, 2010 9:18 am

The "domain.com/index.php/login.php" kind of requests in PHP

Post by mjsw »

Hi all,

I have discovered new and very odd requests made to my PHP website that look like:

www.domain.com/index.php/login.php

The odd part in this request is that there are two files with a php extension requested from the server, and it seems that both files get processed.

When such a request is made, index.php is displayed first, but there is no style applied to it, and some additional information from login.php is displayed below.

My question is, what is this, what is it called, and where can I find more details on this? It is obvious it is some kind of security hole that people are exploiting and I wasn't aware of.

Thank you in advance!
getmizanur
Forum Commoner
Posts: 71
Joined: Sun Sep 06, 2009 12:28 pm

Re: The "domain.com/index.php/login.php" kind of requests in

Post by getmizanur »

Not really sure, however I'm guessing you may have a mod_rewrite rule set up in your .htaccess that is not working.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Re: The "domain.com/index.php/login.php" kind of requests in

Post by pickle »

This is probably a bot trying to be sneaky. I have tons of entries like that for my website. Unless you have a login.php script somewhere I wouldn't worry about it. You may want to do something to reduce the server overhead for processing these results - like throwing a 404, or redirecting to the homepage, etc.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: The "domain.com/index.php/login.php" kind of requests in

Post by John Cartwright »

This is a simple trick to route all traffic through your index.php.

The server stops looking at the request URI after it finds index.php, and the rest of the information is simply accessible through REQUEST_URI to determine which requests you are actually trying to fulfil. It's basically a poor man's mod_rewrite implementation, and index.php is a front controller.
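The mechanism John describes, written out as an added example (this is not code from the original thread or from mjsw's site): a minimal front controller that reads the trailing path, routes only an allow-listed set of paths, and answers everything else, including `/index.php/login.php`, with a 404 as pickle suggested. The route table, the handler names and the `/index.php` location are assumptions for the example.

```php
<?php
// Added example (not code from the original thread): a minimal PHP front
// controller that makes the "/index.php/login.php" mechanism explicit and
// answers unrecognised trailing paths with a 404 instead of rendering index.php.
// Assumptions: the script is served at /index.php and the route table below
// is the complete list of paths the site intends to serve.

declare(strict_types=1);

/** Allow-list of routable trailing paths -> handler names (hypothetical). */
const ROUTES = [
    ''        => 'home',
    '/login'  => 'login',
    '/logout' => 'logout',
];

/**
 * Return the path segment that follows the script name, e.g. "/login.php"
 * for a request to "/index.php/login.php". The web server stops matching
 * at index.php and exposes the remainder as PATH_INFO; if that is absent
 * we derive it from REQUEST_URI and SCRIPT_NAME instead.
 */
function trailingPath(array $server): string
{
    if (isset($server['PATH_INFO']) && $server['PATH_INFO'] !== '') {
        return $server['PATH_INFO'];
    }
    $uri    = parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH);
    $uri    = is_string($uri) ? $uri : '/';
    $script = $server['SCRIPT_NAME'] ?? '/index.php';
    if (strncmp($uri, $script, strlen($script)) === 0) {
        return substr($uri, strlen($script));
    }
    return '';
}

/**
 * Resolve a trailing path to a handler name, or null when it is not routable.
 * Exact match after dropping a trailing slash, so probes such as "/login.php"
 * or "/login/../admin" do not match anything and fall through to the 404.
 */
function resolveRoute(string $path): ?string
{
    return ROUTES[rtrim($path, '/')] ?? null;
}

/** Map a request to [HTTP status, handler name or error text]. */
function handle(array $server): array
{
    $handler = resolveRoute(trailingPath($server));
    return $handler === null ? [404, 'Not Found'] : [200, $handler];
}

if (PHP_SAPI === 'cli') {
    // Constructed requests (not real server traffic) for a quick self-check.
    $cases = [
        [['REQUEST_URI' => '/index.php/login.php?x=1', 'SCRIPT_NAME' => '/index.php'], [404, 'Not Found']],
        [['PATH_INFO' => '/login'],                                                     [200, 'login']],
        [['REQUEST_URI' => '/index.php', 'SCRIPT_NAME' => '/index.php'],               [200, 'home']],
        [['PATH_INFO' => '/logout/'],                                                   [200, 'logout']],
    ];
    foreach ($cases as [$server, $expected]) {
        if (handle($server) !== $expected) {
            fwrite(STDERR, "self-check failed for " . json_encode($server) . "\n");
            exit(1);
        }
    }
    echo "self-check passed\n";
} else {
    // Normal web request: dispatch and emit the status the client should see.
    [$status, $handler] = handle($_SERVER);
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $status === 200 ? "handler: $handler\n" : "Not Found\n";
}
```

Running `php index.php` from the command line executes the self-check; under a web server the same file dispatches real requests. Two practical notes: the missing stylesheet mjsw saw is a side effect of the extra path segment, because relative URLs such as `href="style.css"` resolve against `/index.php/` and are themselves sent back to index.php, so a front controller should either use absolute asset paths or a `<base>` element; and if a site has no use for this routing style at all, Apache can refuse the trailing segment entirely with `AcceptPathInfo Off`, which returns a 404 before PHP runs.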