[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DotClear Full Path Disclosure Vulnerability

To: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
Subject: Re: DotClear Full Path Disclosure Vulnerability
From: Gmail account <god.ate.my.homework@xxxxxxxxx>
Date: Tue, 13 Feb 2007 20:57:00 +0200

Well the ideal situation for incuding files is when your root is notyout webroot.But if you dont have this you can make a workaround by placing every phpfile that is not directy called (but included) into a folder and placein it an .htaccess file with a deny from all command so it would not beaccesible from anyone through a browser.

Follow-Ups:
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Raphaël HUCK
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher

References:
- DotClear Full Path Disclosure Vulnerability
  - From: raphael . huck
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Raphaël HUCK
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Raphaël HUCK
- Re: DotClear Full Path Disclosure Vulnerability
  - From: Cedric Blancher

Prev by Date: Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0
Next by Date: Re: Solaris telnet vulnberability - how many on your network?
Previous by thread: Re: DotClear Full Path Disclosure Vulnerability
Next by thread: Re: DotClear Full Path Disclosure Vulnerability
Index(es):
- Date
- Thread