It's not me that has found the bug, it's someone else...

=================================================
MegaHz
Do you hear the clock ticking again on your networks ?
http://www.the-megahz.com
[EMAIL PROTECTED]
=================================================
----- Original Message -----
From: "Bug Database" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 31, 2001 5:42 PM
Subject: PHP 4.0 Bug #10091 Updated: -


> ID: 10091
> Updated by: cynic
> Reported By: [EMAIL PROTECTED]
> Old-Status: Open
> Status: Bogus
> Bug Type: *General Issues
> Assigned To:
> Comments:
>
> 1) you don't need mysql for this. any error message contains full path to the script.
>
> 2) this will only happen with display_errors on, which is _not_ recommended for production sites.
>
> 3) I don't think the zillions of PHP coders out there would be grateful if this authoring/debugging convenience disappeared.
>
> 4) you can always write your own error handler that won't give out the path.
>
>
>
> => bogus
>
> Previous Comments:
> ---------------------------------------------------------------------------
>
> [2001-03-31 09:35:34] [EMAIL PROTECTED]
> at the bugtraq yesterday:
>
> I've found a bug in php/MySQL that can show u the webroot path.
>
>
>
> If u ask a non-existent file:
>
> http://xxx.xxx.xxx.xxx/comments.php?file=.3425
>
>
>
> server's answer is:
>
>
>
> Warning: 0 is not a MySQL result index in /www/lc/linstart/www/other_languages/german/comments.php on line 74
>
>
>
> I don't know if it's xploitable, I don't know MySQL.
>
> Let's xploit it!!
>
>
>
> Darko
>
>
>
>
>
> --------------
>
> But this:
>
> This will only happen if you have NOT turned off the error reporting in the
> php.ini file. If you turn it off, and log the errors to a file you will not
> get this.
>
>
>
> ---------------------------------------------------------------------------
>
>
>
> ATTENTION! Do NOT reply to this email!
> To reply, use the web interface found at http://bugs.php.net/?id=10091&edit=2
>
>
>


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
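
The two mitigations named in the quoted comments (display_errors off with errors logged to a file, and a custom error handler that does not give out the path), shown together as an added example that is not code from the thread or from the PHP project. It assumes PHP 7 or later; the log path and the helper name log_with_reference are placeholders chosen for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+; the log path is a placeholder.
// php.ini equivalent for production:
//   display_errors = Off
//   log_errors     = On
//   error_log      = /var/log/php/app-errors.log
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app-errors.log'); // placeholder path
error_reporting(E_ALL);

// Hypothetical helper: write the full detail (including the script path) to the
// server-side log only, and return a short reference that is safe to show a client.
function log_with_reference(string $kind, string $message, string $file, int $line): string
{
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] %s: %s in %s on line %d', $ref, $kind, $message, $file, $line));
    return $ref;
}

// Warnings and notices: log them, send nothing to the client, let the script continue.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if (!(error_reporting() & $errno)) {
        return false; // level is masked or suppressed with @; defer to PHP
    }
    log_with_reference('PHP error ' . $errno, $errstr, $errfile, $errline);
    return true; // true = PHP's built-in handler (and its path-bearing message) is skipped
});

// Uncaught exceptions: generic 500 page carrying only the reference.
set_exception_handler(function (Throwable $e): void {
    $ref = log_with_reference(get_class($e), $e->getMessage(), $e->getFile(), $e->getLine());
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'An internal error occurred. Reference: ' . $ref;
});

// Constructed demo: this warning reaches the log with file and line,
// while the response body contains only the line echoed below.
trigger_error('constructed warning for the demo', E_USER_WARNING);
echo "page rendered\n";
```

Fatal errors such as parse errors never reach set_error_handler, so display_errors = Off remains the setting that keeps their path out of the response.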