Heine

  • home
  • drupal
  • about
Home

Clowns

ZeroDayScan - Full path disclosure bug in Drupal 6.16 (0day)

Heine — Wed, 28/04/2010 - 21:01

We recently received a report by "ZeroDayScan", about a "Full path disclosure bug in Drupal 6.16".

You can read the story @ http://blog.zerodayscan.com/2010/04/full-path-disclosure-bug-in-drupal-6.... As my short comment was removed from the post, I have to resort to a blogpost. My apologies for polluting the Planet.

Summary of the issue: If you set error reporting to the default value "Write errors to the log and to the screen", the installation path is displayed on the ...*drumroll*... screen.

Which is of course the point.

  • Clowns
  • Drupal
  • Planet Drupal
  • Security
  • 3 comments
  • Read more
Syndicate content

Recent posts

  • In doubt? Read the specs!
  • About the Webform SA
  • Psalmen voor Altblokfluit
  • Unserializing user-supplied data, a bad idea
  • Planet Drupal past and current
more

Security reviews

  • Afraid custom code makes your site vulnerable?
  • You don't really trust that module you just downloaded from Drupal.org?

Sleep better after a security review.

Tags

bladmuziek blood donation blood supply CSRF Drupal Input Format modx MSM Performance Planet Drupal Security Varnish
more tags
  • home
  • drupal
  • about

Copyright © 2011 by Heine Deelstra. All rights reserved.