Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: ASP Security Hole (PHP Too)

Re: ASP Security Hole (PHP Too)

From: Alexander Leidinger <Alexander_at_LEIDINGER.NET>
Date: Thu, 17 Feb 2000 12:32:42 +0100

On 15 Feb, Joshua J. Drake wrote:
> The following is also true for PHP. Naming PHP include files .inc gives
> anyone full-read access to the files by simply requesting them by name.
>
> The solution of course is to do one of the following:
>
> a. name php include files with a PHP extension (.php, .php3, etc) that is
> associated with PHP parsing them
> b. associate .inc files with PHP so that they are parsed and not displayed

c. don't put include files below your DocumentRoot, use
   php3_include_path (apache-modul) or include_path (php3.ini) instead.

Bye,
Alexander. 

--
            It is easier to fix Unix than to live with NT.
http://www.Leidinger.net                  Alexander+Home @ Leidinger.net
  Key fingerprint = 7423 F3E6 3A7E B334 A9CC  B10A 1F5F 130A A638 6E7E
Received on Feb 18 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos