18 Dec
2005
18 Dec
'05
8:19 p.m.
On Sun, 2005-12-18 at 00:19 +0100, Jasper Slits wrote:
Chris Largret wrote:
This full-path disclosure showed up on BugTraq a couple hours ago. Just in case you missed it, you can find a copy here:
Wow, a PHP warning in a piece of alpha software when tampering with the request string. Sound the alarm bells, we have full path disclosure.!
A real reason to post on Bugtraq rightaway and not informing this list first :)
Hehe... that was the reason I had originally posted. Guaging from the reply on Bugtraq (as was pointed out), it may be by design. While this is still alpha software, I prefer reading through my error_log file. Not that anyone else has access to it on my site anyway...
-- Chris Largret http://daga.dyndns.org