[40328] in bugtraq


Re: AWstats Path Disclosure Vulnerability

daemon@ATHENA.MIT.EDU (Martin Pitt)
Fri Sep 16 02:02:05 2005

Date: Thu, 15 Sep 2005 10:01:23 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: Fournaux <fournaux@khmerdev.com>, bugtraq@securityfocus.com
Message-ID: <20050915080123.GD19618@box79162.elkhouse.de>
In-Reply-To: <4328C733.6070301@khmerdev.com>


Hi Nicolas!

Fournaux [2005-09-15  2:58 +0200]:
> If you use this url :
> http://www.server.com/awstats/awstats.pl?config=xxx
>
> You will get the full path on the hard drive of the script "awstats.pl"
> with all sub folders.

Ah, I see; I thought you meant the path of the configuration file.

Well, that makes it even less of a problem for distributions since the
path of program files of installed packages is common knowledge
anyway.

It might be a problem in custom installations, though.

Thanks for the clarification,

Martin
-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org
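
For administrators of the custom installations mentioned above, one way to spot requests of the quoted form (`awstats.pl?config=` with a name that is not a configured site) in web server logs. This is an added example, not part of the original message or of AWstats; the allowlist, the Combined Log Format layout and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: config names that really exist on this server (hypothetical values).
KNOWN_CONFIGS = {"www.example.org", "shop.example.org"}

# Common/Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})'
)


def unknown_config_requests(lines, known=KNOWN_CONFIGS):
    """Return (client, config, status) for each awstats.pl request whose
    config= value is not one of the known site configurations."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.endswith("/awstats.pl"):
            continue  # a config= parameter on other scripts is not relevant
        # parse_qs percent-decodes, so config=%78%78%78 is compared as "xxx".
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("config", []):
            if value not in known:
                hits.append((client, value, status))
    return hits


# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2005:10:01:23 +0200] "GET /awstats/awstats.pl?config=www.example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Sep/2005:10:02:00 +0200] "GET /awstats/awstats.pl?config=xxx HTTP/1.1" 200 812',
    '198.51.100.7 - - [15/Sep/2005:10:02:05 +0200] "GET /awstats/awstats.pl?config=%78%78%78 HTTP/1.1" 200 812',
    '203.0.113.5 - - [15/Sep/2005:10:03:00 +0200] "GET /index.html?config=xxx HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, config, status in unknown_config_requests(SAMPLE_LOG):
        print(f"{client} requested unknown awstats config {config!r} (HTTP {status})")
```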
