FPD (Full Path Disclosure): What is it?
Basically, it reveals the full operating URL of a script. It returns an error that sometimes displays critical information. PHP, being kind, loves to be descriptive, so this will come in useful if, say, you're calling another PHP script for authentication.
While the risk is said to be petty, I believe it can become severe if you're trying to hide something, even though it's a very simple fix.
The above script is very basic; imagine it being in a login script.
Upon viewing the page it /should/ be blank. Let's look behind the scenes. There are a couple of ways; I will reveal two of my most common.
Firefox with the LiveHttpHeaders addon
So there is a valid session going on. Let's corrupt it.
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in www\session_test.php on line 2
So there you go. As you can see, it discloses what function is being used, the line number, and the file.
To fix this, turn off error display. In php.ini:
display_errors = Off
Or in .htaccess (Apache with mod_php):
php_flag display_errors off
There are also a couple of in-script methods; use the PHP docs or just ask.
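One in-script approach, as an added example that is not part of the original tutorial: it turns off error display at runtime and discards a malformed session cookie before session_start() can raise the warning shown above. The function names are hypothetical, and it assumes session IDs arrive only by cookie (session.use_only_cookies=1, the PHP default).

```php
<?php
// Added example; function names are hypothetical, not from the original post.

// Keep errors out of the response and send them to the server log instead.
// A runtime ini_set() cannot hide parse or startup errors, so the php.ini /
// .htaccess setting is still needed as the baseline.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Character set comes from the warning text: a-z, A-Z, 0-9, '-' and ','.
// The 256-character upper bound is an assumption made for this example.
function session_id_is_wellformed($id): bool
{
    return is_string($id)
        && preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $id) === 1;
}

function start_session_safely(): bool
{
    $name = session_name(); // "PHPSESSID" unless reconfigured

    if (isset($_COOKIE[$name]) && !session_id_is_wellformed($_COOKIE[$name])) {
        // Record the event for detection; nothing is echoed to the client.
        error_log('Malformed session id rejected from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        // Forget the bad value so PHP issues a fresh id instead of warning.
        unset($_COOKIE[$name]);
    }

    return session_start();
}

start_session_safely();
```

Logging the rejected cookie gives you a server-side record of tampering attempts while the client sees only a blank page and a fresh session.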
What do I need to improve in tutorials?