PHP :: Bug #68726 :: Full Path Disclosure Vulnerability

Bug #68726	Full Path Disclosure Vulnerability
Submitted:	2015-01-02 13:14 UTC	Modified:	2015-01-02 14:05 UTC
From:	muratyilmazlar1 at gmail dot com	Assigned:
Status:	Not a bug	Package:	*Configuration Issues
PHP Version:	Irrelevant	OS:	Windows, Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	muratyilmazlar1 at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2015-01-02 13:14 UTC] muratyilmazlar1 at gmail dot com

Description:
------------
Although in itself does not lead to a real risk of attack,
it allows you to go back to the internal structure of a server via a website
and then to have more information to be used in case of pentesting,
putting at risk not only the safety of the site but around the server that supplies.

Test script:
---------------
Here is the official website:
http://faq.phpmyfaq.de/cron.verifyurls.php version: 2.8.12 

https://joker.com/faq/cron.verifyurls.php version:  2.7.7   

Expected result:
----------------
You can reach full path of website and server.


Actual result:
--------------
It could help hackers to hack site and sniffing.

Patches

add-patch-disc (last revision 2015-01-02 13:15 UTC by muratyilmazlar1 at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-02 14:05 UTC] leigh@php.net

-Status: Open +Status: Not a bug -Package: MySQL related +Package: *Configuration Issues

[2015-01-02 14:05 UTC] leigh@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is a configuration issue. You need to turn off the `display_errors` option.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 10 17:01:34 2024 UTC