Here's a little background. A long time ago I was going through my Apache access_log and noticed a few entries where someone was trying to do some sort of exploit, and basically they were sending a ton of data in the GET request. That's normal and happens all the time. The weird thing was that at the end of the data I would see PHP code from my site. At the time I didn't know what to think of it; I just knew it wasn't good. Thinking about it now, it seems like it was most likely a heap overflow and the log buffer was overflowing into memory containing PHP code. When I first started this post I was thinking there may have been a way to replace the PHP code with your own, which is definitely not good and would allow you to do any number of things. Thinking about it now though, I'm thinking it's just code hanging around in memory from previous requests where the memory has been freed, but not overwritten. So when I started this post I was excited and thought it would be cool to try and replace the code, but now I'm not so sure that would do anything, but it still seems bad.

Anyways, I think this was Apache 2.0.54 or 2.0.55, but I'm not sure. Is anyone running either of these with PHP? If so, can you check your logs and let me know if you see anything like this? I'd like to figure out which version it was and download it just to mess with it further. This was on a Linux machine, so I'm not sure the same thing would happen on a Windows machine. I'm running the 2.2 line now and I've never noticed anything like this. Thank you.
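
For anyone taking up the request above to check their own logs, here is a small scanner, added as an example and not part of the original post, that flags access_log entries where an oversized request ends in text that looks like PHP source. The length threshold, the marker list, the function names and the sample lines are all assumptions made for illustration.

```python
import re

# Apache common/combined log prefix; the request field is matched greedily so
# quotes inside an oversized or corrupted request do not end the field early.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)')

# Assumed heuristics (not from the post): what counts as "a ton of data" and
# which tokens suggest PHP source text.
MIN_REQUEST_LEN = 1024
PHP_MARKERS = ("<?php", "<?=", "?>", "$_GET", "$_POST", "$_SERVER",
               "require_once", "include(", "mysql_connect")

def scan_line(line):
    """Return a finding dict for a suspicious entry, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    host, when, request, status, _size = m.groups()
    if len(request) < MIN_REQUEST_LEN:
        return None
    hits = [(request.find(tok), tok) for tok in PHP_MARKERS if tok in request]
    if not hits:
        return None
    first_offset = min(off for off, _ in hits)
    return {
        "host": host, "time": when, "status": int(status),
        "request_len": len(request),
        "markers": sorted(tok for _, tok in hits),
        "first_marker_offset": first_offset,
        # PHP text only after the filler is the pattern the post describes
        "php_at_tail": first_offset > len(request) // 2,
    }

def scan_log(lines):
    return [f for f in (scan_line(l) for l in lines) if f]

# Constructed sample entries (not real log data).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.66 - - [01/Jan/2006:10:00:05 +0000] "GET /' + "A" * 4000 + ' HTTP/1.0" 414 340 "-" "-"',
    '192.0.2.66 - - [01/Jan/2006:10:00:09 +0000] "GET /' + "A" * 4000
    + '<?php include("header.php"); echo $_GET["page"]; ?>" 400 310 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE):
        print(finding)
```

A hit is only a candidate for manual review: a client can also send PHP text in its own payload, so compare the flagged fragment against the site's actual source before treating it as server-side data ending up in the log.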