Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Advisory - #1
From: "Paul Brereton" <brereton_paul () btopenworld com>
Date: Thu, 7 Feb 2002 11:59:50 -0000

Title : Windows Based PHP Leaks True Path
Author : Paul Brereton
E-Mail : brereton_paul () btopenworld com

Summary : PHP for Windows reveals the true path where the program was
installed. This would be considered in most cases sensitive information.

Details : By appending /123 to the end of a PHP file such as
http://somehost/database.php/123 the PHP program will return its install
path:
 The following message is displayed : Premature end of script headers:
C:/php/php.exe


Regards,

Paul Brereton.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault