Security Advisory - #1

From: Paul Brereton (brereton_paulat_private)
Date: Thu Feb 07 2002 - 03:59:50 PST

Next message: Brad Maloney: "Re: Infecting the KaZaA network?"

Previous message: Adam Lydick: "Re: Infecting the KaZaA network? (unlikely)"
Next in thread: Dmitry Guyvoronsky: "Re: Security Advisory - #1"
Reply: Dmitry Guyvoronsky: "Re: Security Advisory - #1"
Reply: Colby Marks: "RE: Security Advisory - #1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Title : Windows Based PHP Leaks True Path
Author : Paul Brereton
E-Mail : brereton_paulat_private

Summary : PHP for Windows reveals the true path where the program was
installed. This would be considered in most cases sensitive information.

Details : By appending /123 to the end of a PHP file such as
http://somehost/database.php/123 the PHP program will return its install
path:
 The following message is displayed : Premature end of script headers:
C:/php/php.exe


Regards,

Paul Brereton.

Next message: Brad Maloney: "Re: Infecting the KaZaA network?"
Previous message: Adam Lydick: "Re: Infecting the KaZaA network? (unlikely)"
Next in thread: Dmitry Guyvoronsky: "Re: Security Advisory - #1"
Reply: Dmitry Guyvoronsky: "Re: Security Advisory - #1"
Reply: Colby Marks: "RE: Security Advisory - #1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 13:56:44 PST