oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

From: Johannes Schlüter <johannes () php net>
Date: Thu, 28 Jun 2012 12:34:17 +0200
Hi,

On Wed, 2012-06-27 at 23:12 -0600, Kurt Seifried wrote:

http://php.net/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

shows authors, SAPI modules (and their authors) and normal modules
(and their authors), resulting in a significant information disclosure
(version #'s can be narrowed down from the authors list).


I have barely seen attackers actually trying to figure out the version
number. 99% are directly trying to exploit known vectors using some
scripts. And to get the version number there's a way simpler way, also
controlled using the same php.ini setting:

    $ echo "HEAD / HTTP/1.0\n" | nc www.php.net 80 | grep PHP
    Server: Apache/1.3.41 (Unix) PHP/5.2.17
    X-Powered-By: PHP/5.2.17

johannes
Previous By Date Next
Previous By Thread Next

Current thread: