Re: [NSE] PHP version disclosure (OSVDB 12184)

[Gutek <ange.gutek () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

About the table, obviously you're right (and i feel confused : i
completely forgot cleaning this part before sending the script to the
list...)

A better study about this "vulnerability" can be found at
http://www.0php.com/php_easter_egg.php

If i prefer parsing the logo instead of other tricks (like credits),
it's because (if i make no mistake) all tricks but the special logos
depend on phpinfo(). I'm afraid that if this function has been disabled
the trick can not be triggered. I think that the special logos appear,
should phpinfo() be enabled or not.
Can someone clarify this point ?

Anyway, if i keep parsing the logo i'll edit the script so that it
checks the whole GIF instead of the first 9 bytes.

Thanks for the comments and advises !

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkv+qQcACgkQ3aDTTO0ha7gqpwCfcdyRi492DeJCMyGcSYc7ZZvz
/NcAn1XpsmAzW9IREPdyAi/ZVQrvb4CH
=aQGG
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/