Vulnerability

    PHP

Affected

    PHP

Description

    Chris Kennedy found the following. The phpinfo() function available from PHP versions gives out a _LOT_ of server information, directories things are installed in, versions, etc. Anyone who is not familiar with this page and the contents can look below for examples in the search results I did or do a search themselves and see. This page is also super easy to find through a search engine, like the ASP/PHP page error problem reported in the past.

    If you do a lookup in Google for the following...

        phpinfo() PHP Credits Version

    You'll get this sort of output, which these URLs are giving out more information than you would expect the website owners want, and probably don't expect the page to be found so easily...

        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, home.huseman.org:80. User ... usr/local/apache_1.3.12/htdocs/misc/phpinfo.php. SERVER_ADDR, 24.9.201.167. ...
        home.huseman.org/misc/phpinfo.php - 32k - Cached - Similar pages

        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, alabama.inf.elte ... SCRIPT_FILENAME, /home/toma/public_html/php/phpinfo.php. SERVER_ADDR, 157.181.162.4. ...
        alabama.inf.elte.hu/~toma/php/phpinfo.php - 35k - Cached - Similar pages

        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, steigman.ne ... 34939. SCRIPT_FILENAME, /home/ms/public_html/phpinfo.php. SERVER_ADDR, 24.147.237.193. ...
        steigman.ne.mediaone.net/~ms/phpinfo.php - 35k - Cached - Similar pages

        crawler1.googlebot.com (64.209.181.52) Googlebot/2.1 (+http://.com
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, biocat.ruc.dk:80. User ... com. REMOTE_PORT, 40796. SCRIPT_FILENAME, /home/chlor/public_html/phpinfo.php. ...
        biocat.ruc.dk/~chlor/phpinfo.php - 35k - Cached - Similar pages

        Untitled
        ... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname/Port, www.kw.nl:80. User/Group, ... 46918. SCRIPT_FILENAME, /home/user/pike/public_html/ScripTz/php/phpinfo.php. ...
        www.kw.nl/~pike/ScripTz/php/phpinfo.php - 25k - Cached - Similar pages

Solution

    Nothing yet.
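
An added example, not part of the original advisory: a Python audit that walks a web root you administer and reports every file that still contains a live phpinfo() call, ignoring calls that sit inside comments or quoted strings. The extension list, the regex heuristics and the sample files are assumptions made for this illustration.

```python
import os
import re
import tempfile

# A phpinfo( call; the lookbehind skips my_phpinfo(, $phpinfo(, ->phpinfo( and ::phpinfo(
CALL = re.compile(r"(?<![\w>$:])phpinfo\s*\(", re.IGNORECASE)
# PHP comments and quoted strings, blanked out before matching
NOISE = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*|'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", re.DOTALL)
# Code between <?php, <? or <?= and the closing ?> (or end of file)
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)
PHP_EXT = (".php", ".php3", ".php4", ".phtml", ".inc")  # assumed extension list

def find_phpinfo_calls(docroot):
    """Return sorted (relative_path, line) pairs for live phpinfo() calls under docroot."""
    hits = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for block in PHP_BLOCK.finditer(text):
                # Same-length blanking keeps offsets, so line numbers stay correct
                code = NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), block.group(1))
                for call in CALL.finditer(code):
                    line = text.count("\n", 0, block.start(1) + call.start()) + 1
                    hits.append((os.path.relpath(path, docroot), line))
    return sorted(hits)

def demo():
    """Scan a constructed docroot (sample files made up for this example)."""
    samples = {
        "misc/phpinfo.php": "<?php phpinfo(); ?>\n",
        "index.php": "<html>\n<?php\n// phpinfo();\necho 'phpinfo()';\n?>\n</html>\n",
        "admin/test.PHP": "<?php\n/* debug */\nPhpInfo (INFO_ALL);\n",
        "notes.txt": "phpinfo() is mentioned here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_phpinfo_calls(root)

if __name__ == "__main__":
    for rel, line in demo():
        print(f"{rel}:{line}: phpinfo() call")
```

Files it reports can be removed or placed behind authentication; setting disable_functions = phpinfo in php.ini turns the call off server-wide.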