Title : Windows Based PHP Leaks True Path
Author : Paul Brereton
E-Mail : brereton_paul@btopenworld.com

Summary : PHP for Windows reveals the true path where the program was installed. This would be considered in most cases sensitive information.

Details : By appending /123 to the end of a PHP file such as http://somehost/database.php/123 the PHP program will return its install path:

The following message is displayed :

Premature end of script headers: C:/php/php.exe

Regards,
Paul Brereton.
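
Added example, not part of the original advisory: a Python check a site owner can run against their own PHP URLs to see whether the error text quoted above exposes the install path, plus a filter that strips the path from a response. The fetch callable, the sample responses and all function names are constructed for illustration.

```python
import re

# Error text quoted in the advisory, followed by a Windows drive path.
LEAK_RE = re.compile(
    r"Premature end of script headers:\s*(?P<path>[A-Za-z]:[\\/][^\s<>\"']*)"
)
PROBE_SUFFIX = "/123"  # the extra path segment described in the advisory


def leaked_paths(body):
    """Return every install path exposed by the error message in a response body."""
    return [m.group("path") for m in LEAK_RE.finditer(body)]


def redact(body):
    """Replace the exposed path so the page can be served or logged safely."""
    return LEAK_RE.sub("Premature end of script headers: [path removed]", body)


def audit(urls, fetch):
    """Probe each of your own PHP URLs and map the affected ones to the leaked paths.

    fetch is a caller-supplied function (hypothetical) that takes a URL and
    returns the response body as text.
    """
    findings = {}
    for url in urls:
        if not url.lower().endswith(".php"):
            continue  # the advisory only concerns PHP files
        paths = leaked_paths(fetch(url + PROBE_SUFFIX))
        if paths:
            findings[url] = paths
    return findings


# Constructed sample responses so the example runs offline.
SAMPLE_RESPONSES = {
    "http://somehost/database.php/123":
        "<h1>Internal Server Error</h1>\n"
        "Premature end of script headers: C:/php/php.exe",
    "http://somehost/index.php/123": "<html>OK</html>",
}


def sample_fetch(url):
    return SAMPLE_RESPONSES.get(url, "")
```

In real use, replace sample_fetch with a function that requests the URL from your own server and returns the body.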