mailing list archives
RE: Security Advisory - #1
From: "Colby Marks" <Colby () DigitalJunction com>
Date: Thu, 7 Feb 2002 23:34:25 -0500
Windows 2000 sp2 plus postsp2rollup patch + PHP 4.0.6
Response from my webserver is as follows:
The specified CGI application misbehaved by not returning a complete set
of HTTP headers. The headers it did return are:
This format failed the test.
Passed the test and revealed the TRUE location of the File, not the
location of the PHP installation directory. This can be avoided by
disabling the showing of scripting errors in IIS.
What version of Windows and what service packs, plus what version of PHP
are you using?
From: Paul Brereton [mailto:brereton_paul () btopenworld com]
Sent: Thursday, February 07, 2002 7:00 AM
To: bugs () securitytracker com; webmaster () hideaway net;
contact () securitybugware org; exploit () nstalker com;
security () winnetmag com; editors () apacheweek com;
bugtraq () securityfocus com
Subject: Security Advisory - #1
Title : Windows Based PHP Leaks True Path
Author : Paul Brereton
E-Mail : brereton_paul () btopenworld com
Summary : PHP for Windows reveals the true path where the program was
installed. This would be considered in most cases sensitive information.
Details : By appending /123 to the end of a PHP file such as
http://somehost/database.php/123 the PHP program will return its install
The following message is displayed : Premature end of script headers: