Hi,
This mail just poppep up buqtrag. Although PHP 4.0.4pl1 is
old and it is unlikely someone is running it on a production
machine on Win ME I'ld like someone with access to Win ME and
standard Apache/PHP installation can verify this is true or
not.
Not only PHP 4.0.4pl1 but also 4.1.0 would be interesting.
- Markus
--
Please always Cc to me when replying to me on the lists.
--- Begin Message ---
It appears as if PHP/4.0.4 installed on Win ME
running Apache/1.3.20 will disclose php source if the
url is entered with pounds surrounding the dot.
http://server.com/phpfile#.#php
I have tested this on:
Apache/1.3.22 (Win32) PHP/4.0.6 (Win2K pro)
And it is not vulnerable. This may be a Win ME thing..
I would be curious if Apache/1.3.22 on Win ME is
vulnerable
Now WHY someone would have a webserver on
ME....is another question....
--- End Message ---
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
