Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

PHP Info www search and server info gathering

From: Chris Kennedy <ckennedy () GROOVY ORG>
Date: Fri, 20 Oct 2000 16:31:50 -0500
I am not sure if this is an issue that is seems bad for
a servers security to most people, but to me it is a
really bad looking problem.  The phpinfo() function
available from PHP versions gives out a _LOT_ of server
information, directories things are installed in, versions
etc.

Anyone who is not familiar with this page and the contents
can look below for examples in the search results I did
or do a search themselves and see.

This page is also super easy to find through a
search engine, like the ASP/PHP page error problem reported
in the past.  I did a lookup in Google for the following...

phpinfo() PHP Credits Version

I got this sort of output, which these URL's are giving out
more information than I expect the websites owners want,
and probably don't expect the page to be found so easily...

----
Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, home.huseman.org:80.
User ... usr/local/apache_1.3.12/htdocs/misc/phpinfo.php. SERVER_ADDR, 24.9.201.167. ...
home.huseman.org/misc/phpinfo.php - 32k - Cached - Similar pages

Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, alabama.inf.elte ... SCRIPT_FILENAME,
/home/toma/public_html/php/phpinfo.php. SERVER_ADDR, 157.181.162.4. ...
alabama.inf.elte.hu/~toma/php/phpinfo.php - 35k - Cached - Similar pages

Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, steigman.ne ... 34939.
SCRIPT_FILENAME, /home/ms/public_html/phpinfo.php. SERVER_ADDR, 24.147.237.193. ...
steigman.ne.mediaone.net/~ms/phpinfo.php - 35k - Cached - Similar pages

crawler1.googlebot.com (64.209.181.52) Googlebot/2.1 (+http://.com
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, biocat.ruc.dk:80. User ... com.
REMOTE_PORT, 40796. SCRIPT_FILENAME, /home/chlor/public_html/phpinfo.php. ...
biocat.ruc.dk/~chlor/phpinfo.php - 35k - Cached - Similar pages

Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname/Port, www.kw.nl:80. User/Group, ... 46918.
SCRIPT_FILENAME, /home/user/pike/public_html/ScripTz/php/phpinfo.php. ...
www.kw.nl/~pike/ScripTz/php/phpinfo.php - 25k - Cached - Similar pages
----


Thanks,
Chris K
--
Chris Kennedy / getdown () groovy org
I-Land Internet Services / Network Operations Center
              \|/ ____ \|/
              "@'/ .. \`@"
              /_| \__/ |_\
                 \__U_/
-Linux SPARC Kernel Oops
Previous By Date Next
Previous By Thread Next

Current thread: