Hi,
As in title, you can see physical patch of the site or i
could be use to script inject exploit.
I type in my browser:
e.g. www.xoops.org/header.php
and get:
Warning: main
(XOOPS_ROOT_PATH/class/xoopsblock.php)
[function.main]: failed to create stream: No such file or
directory in /home/xoops/public_html/header.php on line
28
Warning: main() [function.main]: Failed
opening 'XOOPS_ROOT_PATH/class/xoopsblock.php'
for inclusion (include_path='.:/usr/local/lib/php')
in /home/xoops/public_html/header.php on line 28
Warning: main
(XOOPS_ROOT_PATH/class/template.php)
[function.main]: failed to create stream: No such file or
directory in /home/xoops/public_html/header.php on line
62
Fatal error: main() [function.main]: Failed opening
required 'XOOPS_ROOT_PATH/class/template.php'
(include_path='.:/usr/local/lib/php')
in /home/xoops/public_html/header.php on line 62
the header.php cointains:
include_once
XOOPS_ROOT_PATH.'/class/xoopsblock.php';
so if we can change XOOPS_ROOT_PATH we can run
a bad xoopsblock.php (if we have on
www.myserver.com/class/xoopsblock.php)
I don't know if it serious, but I've found in other files
something like that.
KubaZ