Bugtraq mailing list archives
Security Advisory - #1
From: "Paul Brereton" <brereton_paul () btopenworld com>
Date: Thu, 7 Feb 2002 11:59:50 -0000
Title : Windows Based PHP Leaks True Path Author : Paul Brereton E-Mail : brereton_paul () btopenworld com Summary : PHP for Windows reveals the true path where the program was installed. This would be considered in most cases sensitive information. Details : By appending /123 to the end of a PHP file such as http://somehost/database.php/123 the PHP program will return its install path: The following message is displayed : Premature end of script headers: C:/php/php.exe Regards, Paul Brereton.
Current thread:
- Security Advisory - #1 Paul Brereton (Feb 07)
- Re: Security Advisory - #1 Dmitry Guyvoronsky (Feb 08)
- RE: Security Advisory - #1 Colby Marks (Feb 10)