test.txt: PHP Exploit in Server Logs

Annika Backstrom
in misc, on 5 February 2008. It is tagged and #Web.

I noticed some strange requests in my Apache logs today. People were referencing external files named "test.txt" in arguments to PHP scripts. It seems to be a remote execution exploit targeting Windows servers, but I'm not sure which piece of software is at risk. I'll update this page if I find it's targeting some specific software.

I saved a copy for posterity, after replacing the opening PHP brace with "\<-- php."