 |
 |
 |
 |
|
|
Date: 03/31/01
- Next message: cynic <email protected>: "[PHP-DEV] PHP 4.0 Bug #10016 Updated: MySQL connection"
- Previous message: cynic <email protected>: "[PHP-DEV] PHP 4.0 Bug #10025 Updated: bison reports error with 'S' parameter"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: megahz <email protected>
Operating system: -
PHP version: 4.0.4pl1
PHP Bug Type: *General Issues
Bug description: -
at the bugtraq yesterday:
I've found a bug in php/MySQL that can show u the webroot path.
If u ask a non-existent file:
http://xxx.xxx.xxx.xxx/comments.php?file=.3425
server's answer is:
Warning: 0 is not a MySQL result index in /www/lc/linstart/www/other_languages/german/comments.php on line 74
I don't know if it's xploitable, I dont'know MySQL.
Let's xploit it!!
Darko
--------------
But this:
This will only happen if you have NOT turned off the error reporting in the
php.ini file. If you turn it off, and log the errors to a file you will not
get this.
-- Edit Bug report at: http://bugs.php.net/?id=10091&edit=1-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: cynic <email protected>: "[PHP-DEV] PHP 4.0 Bug #10016 Updated: MySQL connection"
- Previous message: cynic <email protected>: "[PHP-DEV] PHP 4.0 Bug #10025 Updated: bison reports error with 'S' parameter"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]