Bugtraq mailing list archives
Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure Vulnerability
From: Bill Q <defacementmonitor () hotmail com>
Date: 15 Dec 2001 01:26:49 -0000
It appears as if PHP/4.0.4 installed on Win ME running Apache/1.3.20 will disclose php source if the url is entered with pounds surrounding the dot. http://server.com/phpfile#.#php I have tested this on: Apache/1.3.22 (Win32) PHP/4.0.6 (Win2K pro) And it is not vulnerable. This may be a Win ME thing.. I would be curious if Apache/1.3.22 on Win ME is vulnerable Now WHY someone would have a webserver on ME....is another question....
Current thread:
- Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure Vulnerability Bill Q (Dec 15)