WebApp Sec mailing list archives
Re: PHP Easter Eggs
From: Devin Egan <devin () devinegan com>
Date: Mon, 29 Nov 2004 10:54:31 -0700
A couple of things...1) Website regarding the easter eggs, it appears you do need to have expose php ON:
http://www.phpfreaks.com/articles/84/0.php2) I quickly looked at the php-5.0.0 source and noticed the Easter Egg "keys" in this file...
ext/standard/info.h from that file: #endif /* HAVE_CREDITS_DEFS */ #define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42" #define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42" #define ZEND_LOGO_GUID "PHPE9568F35-D428-11d2-A769-00AA001ACF42" #define PHP_CREDITS_GUID "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000" Just my observations... On Nov 29, 2004, at 9:19 AM, Krul Thomas wrote:
I think you must have the "expose_php" value in your php.ini set to ON inorder for this to work. -----Original Message----- From: Andi McLean [mailto:andi_mclean () ntlworld com] Sent: Sunday, November 28, 2004 8:22 AM To: webappsec () securityfocus com Subject: Fwd: PHP Easter Eggs Hi, Does anyone know about the easter eggs in PHP?I've just found out about them, My trust in PHP has just had a major setback,as I'm wondering what other easter eggs there are and can any be used tocircumenvent the protection I have on my site.I feel like I now need to have a look at the source code, to find out whatelse is there. <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 eg www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 Andi
Current thread:
- Re: PHP Easter Eggs, (continued)
- Re: PHP Easter Eggs Jimi Thompson (Dec 02)
- Re: PHP Easter Eggs Griffiths, Ian (Dec 03)
- SQL injection (no single quotes used) Juan Carlos Calderon (Dec 14)
- Re: SQL injection (no single quotes used) Olivier G. Gaumond (Dec 15)
- Re: SQL injection (no single quotes used) Juan Carlos (Dec 15)
- RE: SQL injection (no single quotes used) Brett Moore (Dec 16)
- RE: SQL injection (no single quotes used) Mutallip Ablimit (Dec 15)
- Re: SQL injection (no single quotes used) PD9 Software (Dec 16)
- Re: SQL injection (no single quotes used) Adam Tuliper (Dec 15)
- Re: PHP Easter Eggs Devin Egan (Nov 29)
- Re: PHP Easter Eggs Rick Crelia (Dec 08)
- Re: PHP Easter Eggs James Barkley (Dec 14)