Title : Windows Based PHP Leaks True Path Author : Paul Brereton E-Mail : brereton_paulat_private Summary : PHP for Windows reveals the true path where the program was installed. This would be considered in most cases sensitive information. Details : By appending /123 to the end of a PHP file such as http://somehost/database.php/123 the PHP program will return its install path: The following message is displayed : Premature end of script headers: C:/php/php.exe Regards, Paul Brereton.
This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 13:56:44 PST