Bugtraq mailing list archives
Re: DotClear Full Path Disclosure Vulnerability
From: Gmail account <god.ate.my.homework () gmail com>
Date: Tue, 13 Feb 2007 20:57:00 +0200
Well the ideal situation for incuding files is when your root is not yout webroot. But if you dont have this you can make a workaround by placing every php file that is not directy called (but included) into a folder and place in it an .htaccess file with a deny from all command so it would not be accesible from anyone through a browser.
Current thread:
- DotClear Full Path Disclosure Vulnerability raphael . huck (Feb 12)
- Re: DotClear Full Path Disclosure Vulnerability Cedric Blancher (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Raphaël HUCK (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Cedric Blancher (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Raphaël HUCK (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Cedric Blancher (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Gmail account (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Raphaël HUCK (Feb 14)
- Re: DotClear Full Path Disclosure Vulnerability Cedric Blancher (Feb 14)
- Re: DotClear Full Path Disclosure Vulnerability Raphaël HUCK (Feb 13)
- Re: DotClear Full Path Disclosure Vulnerability Cedric Blancher (Feb 13)