[NT] PHP Reveals True Path (OPTIONS)

From: support@securiteam.com
Date: 02/03/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sun,  3 Feb 2002 22:35:18 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  PHP Reveals True Path (OPTIONS)
------------------------------------------------------------------------

SUMMARY

When a web administrator installs Apache with PHP and adds index.php to
the Apache configuration file, Apache first looks for index.php when
sending back the default web page for this directory. This opens up a
security weakness that allows remote attackers to gain sensitive
information about the directory structure of the Apache and PHP
installation.

DETAILS

Sending an OPTIONS request to the web server reveals the installation path
of PHP.

Example:
The OPTIONS output is shown here:

> OPTIONS / HTTP/1.1
> Host: 192.168.1.2
> Accept: */*

< HTTP/1.1 500 Internal Server Error
< Date: Sun, 03 Feb 2002 10:56:53 GMT
< Server: Apache/2.0.28 (Win32)
< Vary: accept-language
< Accept-Ranges: bytes
< Content-Length: 680
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1

< <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
< <HTML>
< <HEAD>
< <TITLE>Server error!</TITLE>
< <LINK REV="made" HREF="mailto:admin@192.168.1.2">
< </HEAD>
<
< <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000CC">
< <H1>Server error!</H1>
< <DL>
< <DD>
<
<
<
< handler "cgi-script" not found for: C:/php/php.exe
<
<
< </DL><DL><DD>
<If you think this is a server error, please contact
<the <A HREF="mailto:admin@192.168.1.2">Webmaster</A>
<
< </DL>
<
< <H2>Error 500</H2>
< <DL>
< <DD>
< <ADDRESS>
< 192.168.1.2
< <BR>
<
< <small>02/03/02 10:56:53</small>
< <BR>
< <small>Apache/2.0.28 (Win32)</small>
< </ADDRESS>
< </DL>
< </BODY>
< </HTML>
<

As you can see, the line 'handler "cgi-script" not found for:
C:/php/php.exe' reveals the install path of PHP.
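
To check captured error responses for this kind of disclosure, the following added example (not part of the original advisory) parses a raw HTTP response and reports absolute filesystem paths found in 4xx/5xx bodies. The sample response is constructed from the transcript above; the function names and path patterns are assumptions chosen for illustration.

```python
import re
from html import unescape

# Constructed sample: the 500 response from the advisory, abbreviated.
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.0.28 (Win32)\r\n"
    "Content-Type: text/html; charset=ISO-8859-1\r\n"
    "\r\n"
    "<HTML><HEAD><TITLE>Server error!</TITLE></HEAD>\n"
    "<BODY><H1>Server error!</H1>\n"
    '<DL><DD>\nhandler "cgi-script" not found for: C:/php/php.exe\n</DL>\n'
    "<H2>Error 500</H2></BODY></HTML>\n"
)

# Assumed patterns: Windows drive paths (either slash) or Unix paths under common roots.
PATH_RE = re.compile(
    r"""(?<![\w/:])(                      # not mid-word and not inside a URL
        [A-Za-z]:[\\/][^\s"'<>|*?]+       # drive-letter path
      | /(?:usr|var|home|opt|etc|srv|www)/[^\s"'<>]+
    )""",
    re.VERBOSE,
)

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    return status, headers, body

def find_path_leaks(raw):
    """Return absolute filesystem paths shown in an error (4xx/5xx) body."""
    status, _, body = parse_response(raw)
    if status < 400:
        return []
    text = unescape(re.sub(r"<[^>]+>", " ", body))  # drop tags, decode entities
    leaks = []
    for match in PATH_RE.finditer(text):
        path = match.group(1).rstrip(".,;:)")  # trim sentence punctuation
        if path not in leaks:
            leaks.append(path)
    return leaks

if __name__ == "__main__":
    print(find_path_leaks(SAMPLE_RESPONSE))
```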

ADDITIONAL INFORMATION

The information has been provided by
<mailto:brereton_paul@btopenworld.com> Paul Brereton.
