WordPress.org

Support

Support » Miscellaneous » multiple full path disclosures

multiple full path disclosures

Viewing 2 replies - 1 through 2 (of 2 total)
  • please excuse my ignorance & enlighten some of us as to what is significant about full path disclosures. we’re ready when you’re ready. 🙂

    Sorry, I thought this would be commonly known. My fault, as it doesn’t seem to be true.

    A full path full path disclosure gives you information about a system you are not supposed to have. It prints the whole path of the affected file. The output of one of the files I posted above is:

    Hope that helps to understand the meaning of those errors 🙂
    “Fatal error: Call to undefined function: _e() in /var/www/somesite.com/htdocs/wp-admin/admin-footer.php on line 4″”
    You know know that this server stores it websites using the scheme /var/www/[sitename.tld]/. This is not yet critical but has a significance regarding security. When trying to exploit a system this information can be useful for the attacking person as it tells system information which definetly are not meant to be public.

    Hope that helps to understand the problem with those errors 🙂

    edit: Not sure, if this is the correct place to talk about this issue as I just found out that there is an email address for reporting security issues.
    Sorry for discovering this not earlier. If a moderator thinks that this is not the right place here, feel free to remove my posts.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘multiple full path disclosures’ is closed to new replies.
Skip to toolbar