PHP with Apache on Windows 2000 vulnerable to dire
PHP with Apache on Windows 2000 vulnerable to directory traversal
Dec, 12 2000 - 06:53
contributed by: hx
Summary
A security vulnerability has been found in Windows NT/2000 systems that have Apache and PHP installed. The vulnerability allows remote attackers to access files outside the document root directory scope.
Details
Vulnerable systems:
Apache 1.3.6 and PHP3 under Windows 2000
By sending the following URL request:
http://www.example.com/index.php3.\../..\conf/httpd.conf
It is possible to cause the Apache server to send back the content of /etc/httpd.conf.
Additional information
The information has been provided by china nsl.
PHP with Apache on Windows 2000 vulnerable to directory traversal
Dec, 12 2000 - 06:53
contributed by: hx
Summary
A security vulnerability has been found in Windows NT/2000 systems that have Apache and PHP installed. The vulnerability allows remote attackers to access files outside the document root directory scope.
Details
Vulnerable systems:
Apache 1.3.6 and PHP3 under Windows 2000
By sending the following URL request:
http://www.example.com/index.php3.\../..\conf/httpd.conf
It is possible to cause the Apache server to send back the content of /etc/httpd.conf.
Additional information
The information has been provided by china nsl.