|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
is this Full path disclosure ? |
|
Posted: Fri Jul 09, 2004 4:06 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
i go to nukemods.com download module trought google,and saw this:
Quote: | Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/nukemods/domains/nukemods.com/public_html/includes/sql_layer.php on line 286 |
is this Full path disclosure or relative path disclosure ? |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Sun Jul 11, 2004 1:14 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
It's full path disclosure.
This reveal the www path:
/home/nukemods/domains/nukemods.com/public_html/
Or, the user root path:
/home/nukemods/domains/nukemods.com/
Unfortunately, it also reveal the host account (nukemods.com) and probably the host panel software (cPanel). |
|
_________________ ch88rs,
madman |
|
|
|
|
a |
|
Posted: Sun Jul 11, 2004 8:43 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
hmm..i just searched the google for some themes,and clicked nukemods.com in the results ,and saw this.. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Mon Jul 12, 2004 5:25 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
Most PHP error/warning/notice msg can reveal physical path. But path disclosure does nothing unless you intend to gain root access to target account, e.g. FTP access through anonymous FTP vulnerabilities. |
|
_________________ ch88rs,
madman |
|
|
|
Posted: Mon Jul 12, 2004 8:33 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
madman wrote: | Most PHP error/warning/notice msg can reveal physical path. But path disclosure does nothing unless you intend to gain root access to target account, e.g. FTP access through anonymous FTP vulnerabilities. |
yes,i know that.. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Tue Jul 13, 2004 8:25 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
SteX wrote: |
yes,i know that.. |
Know what Stealing FTP password? |
|
_________________ ch88rs,
madman |
|
|
|
Posted: Mon Jul 26, 2004 10:10 pm |
|
|
hackr3d |
Regular user |
|
|
Joined: Jun 13, 2004 |
Posts: 10 |
|
|
|
|
|
|
|
|
_________________ venezuela hacking...!! |
|
|
|
www.waraxe.us Forum Index -> Full path disclosure
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|