[24201] in bugtraq
Re: Security Advisory - #1
daemon@ATHENA.MIT.EDU (Dmitry Guyvoronsky)
Fri Feb 8 17:41:05 2002
Date: Fri, 8 Feb 2002 09:28:33 +0200
From: Dmitry Guyvoronsky <demiurg@altaee.com>
Message-ID: <1573936545.20020208092833@altaee.com>
To: "Paul Brereton" <brereton_paul@btopenworld.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <001301c1afce$f2930650$0201a8c0@PAULBRERETON>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
PB> Details : By appending /123 to the end of a PHP file such as
PB> http://somehost/database.php/123 the PHP program will return its install
PB> path:
PB> The following message is displayed : Premature end of script headers:
PB> C:/php/php.exe
This message is shown only if PHP installed as stand-alone CGI module.
In case of installation as web Apache module, "/123" will be simply
stored in global variable $PATH_INFO
--
With best regards,
Dmitry Guyvoronsky
