Bugtraq mailing list archives

Re: AWstats Path Disclosure Vulnerability


From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 15 Sep 2005 10:01:23 +0200

Hi Nicolas!

Fournaux [2005-09-15  2:58 +0200]:
> If you use this url :
> http://www.server.com/awstats/awstats.pl?config=xxx
>
> You will get the full path on the hard drive of the script "awstats.pl"
> with all sub folders.

Ah, I see; I thought you meant the path of the configuration file.

Well, that makes it even less of a problem for distributions since the
path of program files of installed packages is common knowledge
anyway.

It might be a problem in custom installations, though.

Thanks for the clarification,

Martin
-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org
