 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
is this Full path disclosure ? |
 |
 Posted: Fri Jul 09, 2004 4:06 pm |
 |
|
| SteX |
| Advanced user |
 |
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
 |
|
 |
|
i go to nukemods.com download module trought google,and saw this:
| Quote: | | Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/nukemods/domains/nukemods.com/public_html/includes/sql_layer.php on line 286 |
is this Full path disclosure or relative path disclosure ? |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Sun Jul 11, 2004 1:14 pm |
|
|
| madman |
| Active user |
 |
|
| Joined: May 24, 2004 |
| Posts: 46 |
|
|
|
|
|
|
|
It's full path disclosure.
This reveal the www path:
/home/nukemods/domains/nukemods.com/public_html/
Or, the user root path:
/home/nukemods/domains/nukemods.com/
Unfortunately, it also reveal the host account (nukemods.com) and probably the host panel software (cPanel). |
|
_________________
ch88rs,
madman |
|
|
|
|
a |
|
| Posted: Sun Jul 11, 2004 8:43 pm |
|
|
| SteX |
| Advanced user |
|
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
| hmm..i just searched the google for some themes,and clicked nukemods.com in the results ,and saw this.. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Mon Jul 12, 2004 5:25 pm |
|
|
| madman |
| Active user |
|
|
| Joined: May 24, 2004 |
| Posts: 46 |
|
|
|
|
|
|
|
| Most PHP error/warning/notice msg can reveal physical path. But path disclosure does nothing unless you intend to gain root access to target account, e.g. FTP access through anonymous FTP vulnerabilities. |
|
_________________
ch88rs,
madman |
|
|
|
| Posted: Mon Jul 12, 2004 8:33 pm |
|
|
| SteX |
| Advanced user |
|
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
| madman wrote: | | Most PHP error/warning/notice msg can reveal physical path. But path disclosure does nothing unless you intend to gain root access to target account, e.g. FTP access through anonymous FTP vulnerabilities. |
yes,i know that..  |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Tue Jul 13, 2004 8:25 pm |
|
|
| madman |
| Active user |
|
|
| Joined: May 24, 2004 |
| Posts: 46 |
|
|
|
|
|
|
|
| SteX wrote: |
yes,i know that.. |
Know what  Stealing FTP password? |
|
_________________
ch88rs,
madman |
|
|
|
| Posted: Mon Jul 26, 2004 10:10 pm |
|
|
| hackr3d |
| Regular user |
 |
|
| Joined: Jun 13, 2004 |
| Posts: 10 |
|
|
|
|
|
|
|
|
_________________
venezuela hacking...!! |
|
|
|
www.waraxe.us Forum Index -> Full path disclosure
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 37
Members: 0
Total: 37
