I noticed some strange requests in my Apache logs today. People were referencing external files named “test.txt” in arguments to PHP scripts. It seems to be a remote execution exploit targeting Windows servers, but I’m not sure which piece of software is at risk. I’ll update this page if I find it’s targeting some specific software.
I saved a copy for posterity, after replacing the opening PHP brace with “<-- php.”
