Security Advisory - #1

["Paul Brereton" <brereton_paul () btopenworld com>]

Title : Windows Based PHP Leaks True Path
Author : Paul Brereton
E-Mail : brereton_paul () btopenworld com

Summary : PHP for Windows reveals the true path where the program was
installed. This would be considered in most cases sensitive information.

Details : By appending /123 to the end of a PHP file such as
http://somehost/database.php/123 the PHP program will return its install
path:
 The following message is displayed : Premature end of script headers:
C:/php/php.exe


Regards,

Paul Brereton.