The "domain.com/index.php/login.php" kind of requests in PHP

Posted: Tue Apr 26, 2011 8:09 am
by mjsw
Hi all,

I have discovered new and very odd requests made to my PHP website that look like:

www.domain.com/index.php/login.php

The odd part of this request is that two files with the php extension are requested from the server, and it seems that both files get processed.

When such a request is made, index.php is displayed first, but there is no style applied to it, and some additional information from login.php is displayed below.

My question is: what is this, what do you call it, and where can I find more details on it? It is obviously some kind of security hole that people are exploiting and that I wasn't aware of.

Thank you in advance!

Re: The "domain.com/index.php/login.php" kind of requests in

Posted: Tue Apr 26, 2011 9:47 am
by getmizanur
Not really sure; however, I'm guessing it may be that you have a mod_rewrite rule set up in your .htaccess that is not working.

Re: The "domain.com/index.php/login.php" kind of requests in

Posted: Wed Apr 27, 2011 12:57 pm
by pickle
This is probably a bot trying to be sneaky. I have tons of entries like that for my website. Unless you have a login.php script somewhere I wouldn't worry about it. You may want to do something to reduce the server overhead for processing these results - like throwing a 404, or redirecting to the homepage, etc.

Re: The "domain.com/index.php/login.php" kind of requests in

Posted: Tue May 03, 2011 4:11 pm
by John Cartwright
This is a simple trick to route all traffic through your index.php.

The server stops looking at the request uri after it finds index.php, and the rest of the information is simply accessible through REQUEST_URI to determine which requests you are actually trying to fulfil. It's basically a poor man's mod rewrite implementation, and index.php is a front controller.
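
The behaviour described in this thread, as an added example that is not part of any post above: a minimal PHP front controller that reads the path following index.php and answers anything outside an allow-list with a 404. The route names are hypothetical and the sample requests are constructed.

```php
<?php
// Added example: route names are hypothetical, sample requests are constructed.

// Allow-list of trailing paths that index.php is willing to serve.
const ROUTES = ['' => 'home', '/' => 'home', '/about' => 'about'];

/** Return what follows the script name, e.g. "/login.php" for "/index.php/login.php". */
function trailing_path(array $server): string
{
    if (isset($server['PATH_INFO'])) {
        return $server['PATH_INFO'];
    }
    // Fallback when PATH_INFO is not populated: derive it from REQUEST_URI.
    $path   = (string) parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH);
    $script = $server['SCRIPT_NAME'] ?? '/index.php';
    if (strncmp($path, $script, strlen($script)) === 0) {
        return (string) substr($path, strlen($script));
    }
    return '';
}

/** Map the trailing path to a route name, or null if it is not allow-listed. */
function resolve_route(array $server): ?string
{
    return ROUTES[trailing_path($server)] ?? null;
}

if (PHP_SAPI !== 'cli') {
    // Web request: unknown trailing paths get a 404 instead of the home page.
    $route = resolve_route($_SERVER);
    if ($route === null) {
        http_response_code(404);
        exit('Not Found');
    }
    echo "route: $route";
} else {
    // CLI run over constructed requests.
    $samples = [
        ['REQUEST_URI' => '/index.php', 'SCRIPT_NAME' => '/index.php'],
        ['REQUEST_URI' => '/index.php/about?x=1', 'SCRIPT_NAME' => '/index.php'],
        ['REQUEST_URI' => '/index.php/login.php', 'SCRIPT_NAME' => '/index.php',
         'PATH_INFO' => '/login.php'],
    ];
    foreach ($samples as $s) {
        printf("%-24s => %s\n", $s['REQUEST_URI'], resolve_route($s) ?? '404 Not Found');
    }
}
```

Run from the command line, the first two constructed requests resolve to `home` and `about`, and `/index.php/login.php` resolves to `404 Not Found`.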