Chris Largret wrote:
This full-path disclosure showed up on BugTraq a couple hours ago. Just in case you missed it, you can find a copy here:
http://www.securityfocus.com/archive/1/419706/30/0/threaded
-- Chris Largret http://daga.dyndns.org
Wow, a PHP warning in a piece of alpha software when tampering with the request string. Sound the alarm bells, we have full path disclosure.!
A real reason to post on Bugtraq rightaway and not informing this list first :)
Jasper