[24226] in bugtraq
RE: Security Advisory - #1
daemon@ATHENA.MIT.EDU (Colby Marks)
Sun Feb 10 03:19:05 2002
Reply-To: <Colby@BurlingtonVT.Com>
From: "Colby Marks" <Colby@DigitalJunction.com>
To: "'Paul Brereton'" <brereton_paul@btopenworld.com>,
<bugs@securitytracker.com>, <webmaster@hideaway.net>,
<contact@securitybugware.org>, <exploit@nstalker.com>,
<security@winnetmag.com>, <editors@apacheweek.com>,
<bugtraq@securityfocus.com>
Date: Thu, 7 Feb 2002 23:34:25 -0500
Message-ID: <001d01c1b059$e3bf5670$9b00a8c0@burlingtonvt.net>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <001301c1afce$f2930650$0201a8c0@PAULBRERETON>
Unconfirmed.
Windows 2000 sp2 plus postsp2rollup patch + PHP 4.0.6
Response from my webserver is as follows:
CGI Error
The specified CGI application misbehaved by not returning a complete set
of HTTP headers. The headers it did return are:
http://www.somewebsite.com/somesubdir/index.php/123
This format failed the test.
HOWEVER
http://www.somewebsite.com/somesubdir/index.php/
Passed the test and revealed the TRUE location of the File, not the
location of the PHP installation directory. This can be avoided by
disabling the showing of scripting errors in IIS.
What version of Windows and what service packs, plus what version of PHP
are you using?
-Colby
-----Original Message-----
From: Paul Brereton [mailto:brereton_paul@btopenworld.com]
Sent: Thursday, February 07, 2002 7:00 AM
To: bugs@securitytracker.com; webmaster@hideaway.net;
contact@securitybugware.org; exploit@nstalker.com;
security@winnetmag.com; editors@apacheweek.com;
bugtraq@securityfocus.com
Subject: Security Advisory - #1
Title : Windows Based PHP Leaks True Path
Author : Paul Brereton
E-Mail : brereton_paul@btopenworld.com
Summary : PHP for Windows reveals the true path where the program was
installed. This would be considered in most cases sensitive information.
Details : By appending /123 to the end of a PHP file such as
http://somehost/database.php/123 the PHP program will return its install
path:
The following message is displayed : Premature end of script headers:
C:/php/php.exe
Regards,
Paul Brereton.
