PHP - phpinfo() may give out too much information
Vulnerability

    PHP

Affected

    PHP

Description

    Chris Kennedy found the following.  The phpinfo() function available
    from PHP versions gives out a _LOT_ of server information:
    directories things are installed in, versions, etc.

    Anyone who is not familiar with this page and its contents can
    look below for examples in the search results I did, or do a search
    themselves and see.  This page is also super easy to find through
    a search engine, like the ASP/PHP page error problem reported in
    the past.  If you do a lookup in Google for the following...

        phpinfo() PHP Credits Version

    You'll get this sort of output.  These URLs are giving out
    more information than you would expect the website owners want,
    and the owners probably don't expect the page to be found so easily...

        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, home.huseman.org:80.
        User ... usr/local/apache_1.3.12/htdocs/misc/phpinfo.php. SERVER_ADDR, 24.9.201.167. ...
        home.huseman.org/misc/phpinfo.php - 32k - Cached - Similar pages
        
        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, alabama.inf.elte ... SCRIPT_FILENAME,
        /home/toma/public_html/php/phpinfo.php. SERVER_ADDR, 157.181.162.4. ...
        alabama.inf.elte.hu/~toma/php/phpinfo.php - 35k - Cached - Similar pages
        
        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, steigman.ne ... 34939.
        SCRIPT_FILENAME, /home/ms/public_html/phpinfo.php. SERVER_ADDR, 24.147.237.193. ...
        steigman.ne.mediaone.net/~ms/phpinfo.php - 35k - Cached - Similar pages
        
        crawler1.googlebot.com (64.209.181.52) Googlebot/2.1 (+http://.com
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, biocat.ruc.dk:80. User ... com.
        REMOTE_PORT, 40796. SCRIPT_FILENAME, /home/chlor/public_html/phpinfo.php. ...
        biocat.ruc.dk/~chlor/phpinfo.php - 35k - Cached - Similar pages
        
        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname/Port, www.kw.nl:80. User/Group, ... 46918.
        SCRIPT_FILENAME, /home/user/pike/public_html/ScripTz/php/phpinfo.php. ...
        www.kw.nl/~pike/ScripTz/php/phpinfo.php - 25k - Cached - Similar pages

Solution

    Nothing yet.
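
Added example, not part of the original advisory: a site owner can audit their own document root for scripts that call phpinfo(), such as the phpinfo.php files in the listings above, so that they can be reviewed. The extension list and the names find_phpinfo_calls and audit_tree are assumptions of this example, and the sample input is constructed.

```python
import os
import re
import sys

PHP_EXTS = (".php", ".php3", ".php4", ".phtml", ".inc")  # assumed extension list
# PHP code regions: "<?php", "<?=" or short "<?" up to "?>" or end of file.
REGION_RE = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)
# Comments and string literals, blanked so a commented-out or quoted name is ignored.
NOISE_RE = re.compile(r"""
      /\*.*?\*/              # block comment
    | (?://|\#)[^\n]*        # line comment
    | '(?:\\.|[^'\\])*'      # single-quoted string
    | "(?:\\.|[^"\\])*"      # double-quoted string
    """, re.DOTALL | re.VERBOSE)
# PHP function names are case-insensitive; skip methods, variables and longer names.
CALL_RE = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
# Constructed sample: only line 5 is a real call.
SAMPLE = (
    "<p>don't panic</p>\n<?php\n"
    "// phpinfo(); left over from debugging\n"
    "echo 'phpinfo() is disabled'; $page->phpinfo();\n"
    "PHPInfo ();\n?>\n<p>it's done</p>\n"
)

def find_phpinfo_calls(source):
    """Return sorted 1-based line numbers where phpinfo() is called."""
    lines = set()
    for region in REGION_RE.finditer(source):
        # Blank noise but keep newlines so line numbers still match the file.
        code = NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), region.group(1))
        for call in CALL_RE.finditer(code):
            lines.add(source.count("\n", 0, region.start(1) + call.start()) + 1)
    return sorted(lines)

def audit_tree(root):
    """Return [(path, [line, ...])] for scripts under root that call phpinfo()."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(PHP_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_phpinfo_calls(fh.read())
                if found:
                    hits.append((path, found))
    return hits

if __name__ == "__main__":
    print(audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Because string literals are blanked, a call made through a string callable such as call_user_func('phpinfo') is not reported, and heredoc text is not treated as a string.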
