full path disclosure. – 14 Posts

• full path disclosure.

  04/23/2007 18:52

  UnknownUser 2,7290

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  -- <img alt="\&quot;:nono:\&quot;" src="%5C"> keep silent <img alt="\&quot;:nono:\&quot;" src="%5C"> --

  Edited by Erik 04/23/2007 19:01 ago

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  sniperkid 5440

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  uh uh someones been doing something naughty <img alt="\&quot;:nono:\&quot;" src="%5C">.<br><br>

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  UnknownUser 2,7290

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  no it, showed up on error.<br><br>furthermore you should not have been able to access the files directly. this leaves open guessing other files in the ***** directory<br>which in their bare form might be exploitable.<br><br>keeping silent rarely ever is the answer.

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  aceldama 4340

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  damn... ...missed it! <img alt="\&quot;:rage:\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  devnull 300

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  Nooooo....... i wanted to know what was this about <img alt="\&quot;:(\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  Erik 5680

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  Hi,<br><br>there habe been a lot of these errors over the years.<br>I guess everyone could now about the path.<br><br>Cu, Erik <img alt="\&quot;:)\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  javey 2380

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  You're gonna tell us?

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  Erik 5680

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  Hi,<br><br>Doesn't matter.<br>You wont get any access any more.<br><br>Cu, Erik <img alt="\&quot;:)\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  Erik 5680

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  By the way,<br><br>thanks for the report, rhican!<br><br>Cu, Erik <img alt="\&quot;:)\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  javey 2380

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  I don't want access <img alt="\&quot;:P\&quot;" src="%5C"> I just want to know what it was!

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  Element 920

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  Yeah, same here

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  occasus 3060

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  I agree with others (javey, Element...) and you Eric say explicitly that we won't get access in any case... so? Where is the problem?<br>

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  UnknownUser 2,7290

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  Just in case some of you don't understand the term \"full path disclosure\".<br><br>Allow me to explain what it is. data is stored in files, these \"files\" are organized into directories (collections of files, or other directories)<br>when a file is in a directory in a directory in a directory, the names of the directories, are constructed into a \"path\"<br>ex c:windowssystem32etchosts<br><br>but you can also have relative paths, for example etchosts if the current directory is c:windowssystem32.<br><br>We all know relative path's on the webserver, for example forum/forum_newpost.php<br>(yeah these could be virtual, due to mod_rewrite, but let us assume they are not)<br><br>Now the website disclosed the full path, because of some error messages, which pinpointed what file was causing the error.<br><br><br>SO? This is like so boring, I don't understand why anybody would care to know this.<br><br>You would be largely correct this information, is not dynamite. (else I wouldn't have put it in a public forum)<br><br>However, it is NOT worthless. There are several attack vectors, which depend on the fact that you know absolute paths.<br>one of the most obvious ones is the load_file() function of mysql.<br>eventhough we assume that erik/tbs/... configured mysql correctly. There is this possibility they didn't. And then<br>a simple blind SQL injection. (sql injections easily sneak into a website like this, and they have at least ones before, when upgrades were done to the forum)<br>you could instead of selecting data from tables, whose names you have to guess. you could do<br>' and 97 = (select ascii(substring(load_file('/path/to/website/..../config.php')),x,1))<br>and this would allow you to read useful files from the disk through a simple blind sql injection.<br>This situation is not uncommon.<br><br>There are other vectors, which also benifit from the knowledge of these paths.<br><br><br><br>So in conclusion, it's a pretty \"lame\" thing this full path disclosure. and you know all about it that is worth knowing.<br>The only thing I have not told you is the \"actual\" full path. I have done this for several reasons<br>- It was already filtered by an admin<br>- I gain nothing by telling it again<br>- I actually don't have it stored on this computer.<br><br><br>That's about All I have to say about this, I didn't want to irritate anybody, this is somewhat a non-event.<br>however i'm sure this info is also in tbs's tutorial on web vulnerabilities. If it is don't forget to ack me when you add it.

  Edit

  Reply

  Quote

  0 Likes
• 04/23/2007 18:52

  occasus 3060

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  Thanks rhican for the nice explanation... Some things has been cleard to my mind <img alt="\&quot;:)\&quot;" src="%5C"><br>

  Edit

  Reply

  Quote

  0 Likes