|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Darko Romanov (darkoromanov
TISCALINET.IT)Date: Fri Mar 30 2001 - 09:25:40 CST
I've found a bug in php/MySQL that can show u the webroot path.
If u ask a non-existent file:
http://xxx.xxx.xxx.xxx/comments.php?file=.3425
server's answer is:
Warning: 0 is not a MySQL result index in /www/lc/linstart/www/other_languages/german/comments.php on line 74
I don't know if it's xploitable, I dont'know MySQL.
Let's xploit it!!
Darko
-- TiscaliNet, libero accesso ad Internet. http://www.tiscalinet.it
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]