Bugtraq mailing list archives
Re: AWstats Path Disclosure Vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 15 Sep 2005 10:01:23 +0200
Hi Nicolas! Fournaux [2005-09-15 2:58 +0200]:
If you use this url : http://www.server.com/awstats/awstats.pl?config=xxx You will get the full path on the hard drive of the script "awstats.pl" with all sub folders.
Ah, I see; I thought you meant the path of the configuration file. Well, that makes it even less of a problem for distributions since the path of program files of installed packages is common knowledge anyway. It might be a problem in custom installations, though. Thanks for the clarification, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: AWstats Path Disclosure Vulnerability Fournaux (Sep 15)
- Re: AWstats Path Disclosure Vulnerability cwh01 (Sep 15)
- Re: AWstats Path Disclosure Vulnerability Martin Pitt (Sep 15)