BugTraq
Re: AWstats Path Disclosure Vulnerability Sep 15 2005 12:58AM
Fournaux (fournaux khmerdev com) (2 replies)
Re: AWstats Path Disclosure Vulnerability Sep 15 2005 09:40PM
cwh01 www78 dixiesys com
Re: AWstats Path Disclosure Vulnerability Sep 15 2005 08:01AM
Martin Pitt (martin pitt canonical com)
Hi Nicolas!

Fournaux [2005-09-15 2:58 +0200]:
> If you use this url :
> http://www.server.com/awstats/awstats.pl?config=xxx
>
> You will get the full path on the hard drive of the script "awstats.pl"
> with all sub folders.

Ah, I see; I thought you meant the path of the configuration file.

Well, that makes it even less of a problem for distributions since the
path of program files of installed packages is common knowledge
anyway.

It might be a problem in custom installations, though.

Thanks for the clarification,

Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus