Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » PHP Include File Relative Directory Information Disclosure Vulnerability

PHP Include File Relative Directory Information Disclosure Vulnerability

by Nikola Strahija on February 11th, 2002 A path disclosure vulnerability exists in the default configuration of some releases of PHP when used with the Apache web server. If PHP include files are references with a relative directory, it is possible to cause the include statement to fail. Submitting a request for a php file appended with a trailing slash '/', will return an error message and the full path to the include file directory.


'Require' statements may also be susceptible to this issue.

Exploit: No exploit code is required.

Remote: Yes


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »