Hey, I’ve just found a ‘full path disclosure’ in basic-google-maps-placemarks, so it’s not just a server configuration issue! I’ve tested it on different servers (including windows, ubuntu, CentOS etc…)
#PoC
So, if we visit wp-content/plugins/basic-google-maps-placemarks/unit-tests.php
it is clearly disclosing the full path as you can see in the following links:
And eventually, in my localhost too:
{F107116}
Well, not all websites using basic-google-maps-placemarks, have a server configuration issue, so it’s probably an issue in your plugin! :-)
###Impact:
Well, the possible impact is that if attacker gets into the server using other website, he might symlink and also get access to the site using that full path!
>> Request: Still if you are not going to fix this, please close as informativer
Cheers,
Ahsan