i made a slight mistake on my PHP code this afternoon and some weird thing happened. just to make sure that this was not some random error, i repeated this several times using both my root and regular users to run the program. the same thing came out.
here are the few lines that caused this:
$source=$_FILES[‘$fsource’][‘$name’]; // this is the line where i made the mistake.
simple breakdown on the code:
- $source is just a pointer to the file w/c gets uploaded. this file is a tar-bzipped archive.
- the function extractExports($source) is my wrapper to a PEAR class. File_Archive to be exact.
- the process then extracts the archive into a folder.
- $_FILES[‘$fsource’][‘$name’] is obviously wrong.
- [‘$fsource’] and [‘$name’] should’ve been [‘source’] and [‘name’] instead.
what came out:
…… (*.rules) <– a lot of udev rules for devices
maybe i should report this ASAP to php.net. has anyone ever encountered anything like this? this might be an exploit or something.