Re: DotClear Full Path Disclosure Vulnerability

To: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
Subject: Re: DotClear Full Path Disclosure Vulnerability
From: Gmail account <god.ate.my.homework@xxxxxxxxx>
Date: Tue, 13 Feb 2007 20:57:00 +0200
Cc: Raphaël HUCK <raphael.huck@xxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=GydpqlMTwcfVuI4xFqXJH5GrG5NJ2204hHyHd9iQBPbDoKCdpW6a96+ROoO0vCPYtZx5rG5fbdBRSGVfMBZosgy/W8/b5ZtezRFdWYwJdzmvNMbIgeXgomGSdxL+S9E7jhFFUKAytVPLj8/XRnP02HzSKUL1nRdfs7zEMzKBNVs=
In-reply-to: <1171357839.28815.43.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070211232018.7799.qmail@xxxxxxxxxxxxxxxxx> <1171315726.4771.15.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <45D0E15A.5000201@xxxxxxx> <1171345651.4771.20.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <45D169EA.5080508@xxxxxxx> <1171357839.28815.43.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.5.0.9 (Windows/20061207)

Well the ideal situation for incuding files is when your root is notyout webroot.But if you dont have this you can make a workaround by placing every phpfile that is not directy called (but included) into a folder and placein it an .htaccess file with a deny from all command so it would not beaccesible from anyone through a browser.

Follow-Ups:
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Raphaël HUCK

References:
- DotClear Full Path Disclosure Vulnerability
  - From: raphael . huck
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Raphaël HUCK
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Raphaël HUCK
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher

Prev by Date: Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0
Next by Date: Re: Solaris telnet vulnberability - how many on your network?
Previous by thread: Re: DotClear Full Path Disclosure Vulnerability
Next by thread: Re: DotClear Full Path Disclosure Vulnerability
Index(es):
- Date
- Thread