Bugtraq mailing list archives
RE: Security Advisory - #1
From: "Colby Marks" <Colby () DigitalJunction com>
Date: Thu, 7 Feb 2002 23:34:25 -0500
Unconfirmed. Windows 2000 sp2 plus postsp2rollup patch + PHP 4.0.6 Response from my webserver is as follows: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: http://www.somewebsite.com/somesubdir/index.php/123 This format failed the test. HOWEVER http://www.somewebsite.com/somesubdir/index.php/ Passed the test and revealed the TRUE location of the File, not the location of the PHP installation directory. This can be avoided by disabling the showing of scripting errors in IIS. What version of Windows and what service packs, plus what version of PHP are you using? -Colby -----Original Message----- From: Paul Brereton [mailto:brereton_paul () btopenworld com] Sent: Thursday, February 07, 2002 7:00 AM To: bugs () securitytracker com; webmaster () hideaway net; contact () securitybugware org; exploit () nstalker com; security () winnetmag com; editors () apacheweek com; bugtraq () securityfocus com Subject: Security Advisory - #1 Title : Windows Based PHP Leaks True Path Author : Paul Brereton E-Mail : brereton_paul () btopenworld com Summary : PHP for Windows reveals the true path where the program was installed. This would be considered in most cases sensitive information. Details : By appending /123 to the end of a PHP file such as http://somehost/database.php/123 the PHP program will return its install path: The following message is displayed : Premature end of script headers: C:/php/php.exe Regards, Paul Brereton.
Current thread:
- Security Advisory - #1 Paul Brereton (Feb 07)
- Re: Security Advisory - #1 Dmitry Guyvoronsky (Feb 08)
- RE: Security Advisory - #1 Colby Marks (Feb 10)