Win ME, Apache/1.3.20 and PHP/4.0.4pl1 Source disclosure Vulnerability

From: Bill Q (defacementmonitorat_private)
Date: Fri Dec 14 2001 - 17:26:49 PST

Next message: Bill Clawson: "Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login"

Previous message: jelmer: "MSIE6 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) It appears as if PHP/4.0.4 installed on Win ME running Apache/1.3.20 will disclose php source if the url is entered with pounds surrounding the dot. http://server.com/phpfile#.#php I have tested this on: Apache/1.3.22 (Win32) PHP/4.0.6 (Win2K pro) And it is not vulnerable. This may be a Win ME thing.. I would be curious if Apache/1.3.22 on Win ME is vulnerable Now WHY someone would have a webserver on ME....is another question....

Next message: Bill Clawson: "Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login"
Previous message: jelmer: "MSIE6 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Dec 15 2001 - 11:37:07 PST