ID: 10091
Updated by: jmoore
Status: Bogus
Bug Type: *General Issues
Assigned To: 

Just a note to say this must have been something posted a long time ago (at least I 
didn't see it yesterday) and is not a bug or vulnerability in PHP as cynic pointed out as 
there are various members of the PHP Team who watch bugtraq and react to anything 
related to PHP.


Previous Comments:

[2001-03-31 09:42:25] [EMAIL PROTECTED]
1) you don't need mysql for this. any error message contains full path to the script.
2) this will only happen with display_errors on, which is _not_ recommended for 
production sites.
3) I don't think the zillions of PHP coders out there would be grateful if this 
authoring/debugging convenience disappeared.
4) you can always write your own error handler that won't give out the path.

=> bogus


[2001-03-31 09:35:34] [EMAIL PROTECTED]
at the bugtraq yesterday:
I've found a bug in php/MySQL that can show u the webroot path.

If u ask a non-existent file:

server's answer is:

Warning: 0 is not a MySQL result index in 
/www/lc/linstart/www/other_languages/german/comments.php on line 74

I don't know if it's xploitable, I don't know MySQL.
Let's xploit it!!


But this:
This will only happen if you have NOT turned off the error reporting in the
php.ini file. If you turn it off, and log the errors to a file you will not
get this.
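
The two mitigations named in this thread (display_errors off with errors logged to a file, and a custom error handler that does not give out the path), sketched together as an added example that is not part of the original report or of PHP itself. It assumes PHP 7 or later; the handler name `quiet_error_handler` and the file path in the trigger are constructed for illustration.

```php
<?php
// Added example. Same effect as "display_errors = Off" and "log_errors = On"
// in php.ini; setting them there is preferable because it also covers errors
// raised before this script runs.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Hypothetical handler: full detail goes to the server-side log, the client
// only ever sees a generic message with a reference id.
function quiet_error_handler(int $errno, string $errstr, string $errfile, int $errline): bool
{
    // Honour the current error_reporting mask (and the @ operator).
    if (!(error_reporting() & $errno)) {
        return false; // let PHP's standard handling apply
    }
    // Reference id lets an operator match a user report to the log entry.
    $ref = bin2hex(random_bytes(4));
    // The script path and line number are written to the log only.
    error_log(sprintf('[%s] errno=%d %s in %s on line %d',
        $ref, $errno, $errstr, $errfile, $errline));
    echo 'An internal error occurred (ref ' . $ref . ").\n";
    return true; // suppress PHP's built-in message, which contains the path
}
set_error_handler('quiet_error_handler');

// Uncaught exceptions bypass set_error_handler, so handle them the same way.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] uncaught %s: %s in %s on line %d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'An internal error occurred (ref ' . $ref . ").\n";
});

// Constructed trigger: opening a missing file raises an E_WARNING whose
// default text would include this script's full path.
$handle = fopen('/nonexistent/constructed-example.txt', 'r');
```

Fatal errors such as E_ERROR and E_PARSE cannot be intercepted by a user-defined handler, which is why the display_errors setting is still needed alongside it.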

