Bugtraq mailing list archives

Re: DotClear Full Path Disclosure Vulnerability


From: Raphaël HUCK <raphael.huck () free fr>
Date: Tue, 13 Feb 2007 22:39:04 +0100

Of course, there are multiple ways to secure software after its setup, provided you know a minimum about computer security.

But I think many people just do the default setup the easy way via the setup wizard.

That's why I believe the developers should take great care securing their software by default.

Well, the ideal situation for including files is when your root is not your webroot. But if you don't have this, you can make a workaround by placing every PHP file that is not directly called (but included) into a folder and placing in it an .htaccess file with a deny from all command, so it would not be accessible to anyone through a browser.
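
The .htaccess workaround described above, written out as an added example that is not part of the original post or of DotClear. The folder name `inc/` is an assumption, and the file covers both the Apache 2.2 syntax current when this was posted and the Apache 2.4 equivalent.

```apache
# File: inc/.htaccess
# "inc/" is a hypothetical folder holding PHP files that are only include()d,
# never requested directly. PHP reads includes from the filesystem, so
# denying HTTP access here does not break the application.

# Apache 2.4 and later (mod_authz_core).
# Needs "AllowOverride AuthConfig" (or All) for this directory.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 and earlier (mod_authz_host / mod_access).
# Needs "AllowOverride Limit" (or All) for this directory.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

If the server is configured with `AllowOverride None`, this file is ignored without any error, so confirm the rule is active by requesting one of the included files in a browser and checking for a 403 response.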



