PHP Advisory #2

From: Paul Brereton (brereton_paul@btopenworld.com)
Date: 02/07/02


From: "Paul Brereton" <brereton_paul@btopenworld.com>
To: <bugs@securitytracker.com>, <webmaster@hideaway.net>, <contact@securitybugware.org>, <exploit@nstalker.com>, <security@winnetmag.com>, <editors@apacheweek.com>, <bugtraq@securityfocus.com>
Date: Thu, 7 Feb 2002 12:03:00 -0000

Title : PHP Reveals True Path (OPTIONS)
Author : Paul Brereton
E-Mail : brereton_paul@btopenworld.com

Summary : When a web administrator installs Apache with PHP and adds
index.php to the Apache configuration file, Apache first looks for index.php
when sending back the default web page for this directory. This opens up a
security weakness that allows remote attackers to gain sensitive information
about the directory structure of the Apache and PHP installation.

Details :Sending an OPTIONS request to the web server reveals the
installation path of PHP.

Example:
The OPTIONS output is show here:

> OPTIONS / HTTP/1.1
> Host: 192.168.1.2
> Accept: */*

< HTTP/1.1 500 Internal Server Error
< Date: Sun, 03 Feb 2002 10:56:53 GMT
< Server: Apache/2.0.28 (Win32)
< Vary: accept-language
< Accept-Ranges: bytes
< Content-Length: 680
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1

< <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
< <HTML>
< <HEAD>
< <TITLE>Server error!</TITLE>
< <LINK REV="made" HREF="mailto:admin@192.168.1.2">
< </HEAD>
<
< <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000CC">
< <H1>Server error!</H1>
< <DL>
< <DD>
<
<
<
< handler "cgi-script" not found for: C:/php/php.exe
<
<
< </DL><DL><DD>
<If you think this is a server error, please contact
<the <A HREF="mailto:admin@192.168.1.2">Webmaster</A>
<
< </DL>
<
< <H2>Error 500</H2>
< <DL>
< <DD>
< <ADDRESS>
< 192.168.1.2
< <BR>
<
< <small>02/03/02 10:56:53</small>
< <BR>
< <small>Apache/2.0.28 (Win32)</small>
< </ADDRESS>
< </DL>
< </BODY>
< </HTML>
<

As you can see the line " handler "cgi-script" not found for: C:/php/php.exe
" reveals the install path of PHP.



Relevant Pages

  • Re: Installing PHP on MacOS X
    ... I've installed php a few times on OSX Macs, ... php runs under the Apache web server, so you need to have Apache ... part of OSX, but it is switched off by default for security reasons. ... The test.php file referred to in the Entropy installation ...
    (alt.php)
  • Re: phpmyadmin & apache22
    ... of course I have compiled php5 with the apache module. ... Your problem is with your PHP ... installation rather than any of the other components mentioned. ...
    (freebsd-questions)
  • Re: Apache2 & php5 Problem
    ... The file contains a test message between header tags and below ... message from the php script line. ... This gives you all the information about your PHP installation. ... You might need to add an AddHandler directive to your Apache config file if there isn't one already and a ScriptAlias ...
    (Debian-User)
  • Re: Need help configuring php 4.3.10 with Apache 2.0.53
    ... Due to the difficulties with SuSE's setup of Apache, I was unable to get SSL to work with the distro's installation of Apache so uninstalled, reinstalling 2.0.53 from Apache's site. ... I restarted Apache over and over without php working. ...
    (alt.php)
  • Re: Unable to load dynamic link library php_mysql.dll - Apache 2.2.6/PHP 5.2.6
    ... I am attempting to perform a PHP installation on an Apache 2.2.6 web ... Apache instance that requires PHP 5.2.6 loaded with MySql support. ... extension I recieve the following error message: ...
    (comp.lang.php)