Re: PHP Easter Eggs

[Devin Egan <devin () devinegan com>]

A couple of things...

1) Website regarding the easter eggs, it appears you do need to have 
expose php ON:
http://www.phpfreaks.com/articles/84/0.php

2) I quickly looked at the php-5.0.0 source and noticed the Easter Egg 
"keys" in this file...
ext/standard/info.h

from that file:
#endif /* HAVE_CREDITS_DEFS */

#define PHP_LOGO_GUID        "PHPE9568F34-D428-11d2-A769-00AA001ACF42"
#define PHP_EGG_LOGO_GUID  "PHPE9568F36-D428-11d2-A769-00AA001ACF42"
#define ZEND_LOGO_GUID     "PHPE9568F35-D428-11d2-A769-00AA001ACF42"
#define PHP_CREDITS_GUID  "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000"

Just my observations...


On Nov 29, 2004, at 9:19 AM, Krul Thomas wrote:

> I think you must have the "expose_php" value in your php.ini set to ON 
> in
> order for this to work.
>
> -----Original Message-----
> From: Andi McLean [mailto:andi_mclean () ntlworld com]
> Sent: Sunday, November 28, 2004 8:22 AM
> To: webappsec () securityfocus com
> Subject: Fwd: PHP Easter Eggs
>
>
> Hi,
>
> Does anyone know about the easter eggs in PHP?
> I've just found out about them, My trust in PHP has just had a major 
> set
> back,
> as I'm wondering what other easter eggs there are and can any be used 
> to
> circumenvent the protection I have on my site.
> I feel like I now need to have a look at the source code, to find out 
> what
> else is there.
>
> <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
>
> <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
>
> <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
>
> eg www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
> www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
>
>
> Andi