Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure Vulnerability
From: Bill Q <defacementmonitor () hotmail com>
Date: 15 Dec 2001 01:26:49 -0000


It appears as if PHP/4.0.4 installed on Win ME 
running Apache/1.3.20 will disclose php source if the 
url is entered with pounds surrounding the dot.
http://server.com/phpfile#.#php

I have tested this on:
Apache/1.3.22 (Win32) PHP/4.0.6 (Win2K pro)
And it is not vulnerable. This may be a Win ME thing..

I would be curious if Apache/1.3.22 on Win ME is 
vulnerable

Now WHY someone would have a webserver on 
ME....is another question....

  By Date           By Thread  

Current thread:
  • Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure Vulnerability Bill Q (Dec 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]