WebApp Sec mailing list archives

Re: Fwd: PHP Easter Eggs

From: RSnake <rsnake () shocking com>
Date: Mon, 29 Nov 2004 09:58:30 -0800 (PST)


        Congrats, Andi on finding this.  It's just another great way to
        do fingerprinting on a site (this should probably be built into
        scanning tools as it's a pretty reliable fingerprint).  You can
        find out which version is running as they are nice enough
        to tell you in the credits and the images are different in
        different versions.  So far I have found a number of
        sites with very old versions by using this technique.  I'm
        almost sure this could be used as another type of attack vector
        where you just need a PHP script to return a lot of data to
        another PHP script.  I realize this can be turned off but in the
        10 minutes of checking not one of the sites I looked at had.

On Sun, 28 Nov 2004, Andi McLean wrote:

| Date: Sun, 28 Nov 2004 13:21:38 +0000
| From: Andi McLean <andi_mclean () ntlworld com>
| To: webappsec () securityfocus com
| Subject: Fwd: PHP Easter Eggs
| 
| Hi,
| 
| Does anyone know about the easter eggs in PHP?
| I've just found out about them, My trust in PHP has just had a major set back, 
| as I'm wondering what other easter eggs there are and can any be used to 
| circumenvent the protection I have on my site.
| I feel like I now need to have a look at the source code, to find out what 
| else is there.
| 
| <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
| 
| <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
| 
| <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
| 
| eg
| www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
| www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
| www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
| 
| 
| Andi
| 

-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is 
expressly prohibited and may be unlawful.

Current thread:

Fwd: PHP Easter Eggs Andi McLean (Nov 29)
- Re: Fwd: PHP Easter Eggs Astarna (Nov 29)
- Re: PHP Easter Eggs Griffiths, Ian (Nov 29)
- Re: PHP Easter Eggs Serban Gh. Ghita (Nov 29)
- Re: PHP Easter Eggs Serban Gh. Ghita (Nov 29)
  - Re: PHP Easter Eggs Harrison Gladden (Nov 30)
    - RE: PHP Easter Eggs V. Poddubnyy (Dec 01)
    - Re: PHP Easter Eggs Antonio Varni (Dec 08)
- Re: Fwd: PHP Easter Eggs Alexander Klimov (Nov 29)
- Re: Fwd: PHP Easter Eggs Harald Nesland (Nov 29)
- Re: Fwd: PHP Easter Eggs RSnake (Nov 29)
- Re: PHP Easter Eggs q q (Nov 29)
- Re: Fwd: PHP Easter Eggs Saqib . N . Ali (Nov 30)
  - Re: Fwd: PHP Easter Eggs exon (Nov 30)
    - Re: PHP Easter Eggs Paul Fierro (Dec 01)
    - Re: PHP Easter Eggs Jimi Thompson (Dec 02)
    - Re: PHP Easter Eggs Griffiths, Ian (Dec 03)
    - SQL injection (no single quotes used) Juan Carlos Calderon (Dec 14)
    - Re: SQL injection (no single quotes used) Olivier G. Gaumond (Dec 15)
    - Re: SQL injection (no single quotes used) Juan Carlos (Dec 15)
    - RE: SQL injection (no single quotes used) Brett Moore (Dec 16)

(Thread continues...)