Just in case some of you don't understand the term \"full path disclosure\".<br><br>Allow me to explain what it is. data is stored in files, these \"files\" are organized into directories (collections of files, or other directories)<br>when a file is in a directory in a directory in a directory, the names of the directories, are constructed into a \"path\"<br>ex c:windowssystem32etchosts<br><br>but you can also have relative paths, for example etchosts if the current directory is c:windowssystem32.<br><br>We all know relative path's on the webserver, for example forum/forum_newpost.php<br>(yeah these could be virtual, due to mod_rewrite, but let us assume they are not)<br><br>Now the website disclosed the full path, because of some error messages, which pinpointed what file was causing the error.<br><br><br>SO? This is like so boring, I don't understand why anybody would care to know this.<br><br>You would be largely correct this information, is not dynamite. (else I wouldn't have put it in a public forum)<br><br>However, it is NOT worthless. There are several attack vectors, which depend on the fact that you know absolute paths.<br>one of the most obvious ones is the load_file() function of mysql.<br>eventhough we assume that erik/tbs/... configured mysql correctly. There is this possibility they didn't. And then<br>a simple blind SQL injection. (sql injections easily sneak into a website like this, and they have at least ones before, when upgrades were done to the forum)<br>you could instead of selecting data from tables, whose names you have to guess. you could do<br>' and 97 = (select ascii(substring(load_file('/path/to/website/..../config.php')),x,1))<br>and this would allow you to read useful files from the disk through a simple blind sql injection.<br>This situation is not uncommon.<br><br>There are other vectors, which also benifit from the knowledge of these paths.<br><br><br><br>So in conclusion, it's a pretty \"lame\" thing this full path disclosure. and you know all about it that is worth knowing.<br>The only thing I have not told you is the \"actual\" full path. I have done this for several reasons<br>- It was already filtered by an admin<br>- I gain nothing by telling it again<br>- I actually don't have it stored on this computer.<br><br><br>That's about All I have to say about this, I didn't want to irritate anybody, this is somewhat a non-event.<br>however i'm sure this info is also in tbs's tutorial on web vulnerabilities. If it is don't forget to ack me when you add it.