Nmap Development mailing list archives
Re: [NSE] PHP version disclosure (OSVDB 12184)
From: Gutek <ange.gutek () gmail com>
Date: Thu, 27 May 2010 19:16:55 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 About the table, obviously you're right (and i feel confused : i completely forgot cleaning this part before sending the script to the list...) A better study about this "vulnerability" can be found at http://www.0php.com/php_easter_egg.php If i prefer parsing the logo instead of other tricks (like credits), it's because (if i make no mistake) all tricks but the special logos depend on phpinfo(). I'm afraid that if this function has been disabled the trick can not be triggered. I think that the special logos appear, should phpinfo() be enabled or not. Can someone clarify this point ? Anyway, if i keep parsing the logo i'll edit the script so that it checks the whole GIF instead of the first 9 bytes. Thanks for the comments and advises ! A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkv+qQcACgkQ3aDTTO0ha7gqpwCfcdyRi492DeJCMyGcSYc7ZZvz /NcAn1XpsmAzW9IREPdyAi/ZVQrvb4CH =aQGG -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] PHP version disclosure (OSVDB 12184) Gutek (May 22)
- Re: [NSE] PHP version disclosure (OSVDB 12184) David Fifield (May 27)
- Re: [NSE] PHP version disclosure (OSVDB 12184) Gutek (May 27)
- Re: [NSE] PHP version disclosure (OSVDB 12184) Gutek (May 29)
- Re: [NSE] PHP version disclosure (OSVDB 12184) David Fifield (Jun 18)
- Re: [NSE] PHP version disclosure (OSVDB 12184) David Fifield (May 27)