WebApp Sec mailing list archives
RE: PHP Easter Eggs
From: "V. Poddubnyy" <vpoddubniy () mail ru>
Date: Tue, 30 Nov 2004 22:39:57 +0300
Hello, This thing at least shows PHP version installed on the server, so attacker will be able to use some vulnerability that is not fixed in that version. -- Best regards, Vladimir Poddubnyy
-----Original Message----- From: Harrison Gladden [mailto:hgladden () gmail com] Sent: Tuesday, November 30, 2004 5:41 AM To: Serban Gh. Ghita Cc: Andi McLean; webappsec () securityfocus com Subject: Re: PHP Easter Eggs maybe it's me, but i'm failing to see the "big picture" here as far as security is concerned. It seems to me that this would only confirm to the evil user that yes you are running php, thereby allowing him to find php specific vulns?? Or is there something else i'm missing here. ~Harrison On Tue, 30 Nov 2004 06:12:00 +0200, Serban Gh. Ghita <serban () verasys ro> wrote:interesting, but very risking. i am wondering if an evil user could exploit this and create hoaxes using this 'easter eggs' i also wonder what impact could have this over the big companies websites that are using php ;-) Serban Gh. Ghita coordonator departament IT VERASYS International serban () verasys ro zamolxe () php net http://www.verasys.ro phone1: +40-251-406.152 phone2: +40-251-406.153 cell: +40-788.28.29.10 ----- Original Message ----- From: "Andi McLean" <andi_mclean () ntlworld com> To: <webappsec () securityfocus com> Sent: Sunday, November 28, 2004 3:21 PM Subject: Fwd: PHP Easter EggsHi, Does anyone know about the easter eggs in PHP? I've just found out about them, My trust in PHP has justhad a majorsetback,as I'm wondering what other easter eggs there are and can any be used to circumenvent the protection I have on my site. I feel like I now need to have a look at the source code, to find out what else is there.<anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42<anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 eg www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 Andi-- ___________________________________ Harrison Gladden <hgladden () gmail com> Computer Engineer & Science Major ~Past experience: He who never makes mistakes, never did anything that's worth.~
Current thread:
- Fwd: PHP Easter Eggs Andi McLean (Nov 29)
- Re: Fwd: PHP Easter Eggs Astarna (Nov 29)
- Re: PHP Easter Eggs Griffiths, Ian (Nov 29)
- Re: PHP Easter Eggs Serban Gh. Ghita (Nov 29)
- Re: PHP Easter Eggs Serban Gh. Ghita (Nov 29)
- Re: PHP Easter Eggs Harrison Gladden (Nov 30)
- RE: PHP Easter Eggs V. Poddubnyy (Dec 01)
- Re: PHP Easter Eggs Antonio Varni (Dec 08)
- Re: PHP Easter Eggs Harrison Gladden (Nov 30)
- Re: Fwd: PHP Easter Eggs Alexander Klimov (Nov 29)
- Re: Fwd: PHP Easter Eggs Harald Nesland (Nov 29)
- Re: Fwd: PHP Easter Eggs RSnake (Nov 29)
- Re: PHP Easter Eggs q q (Nov 29)
- Re: Fwd: PHP Easter Eggs Saqib . N . Ali (Nov 30)
- Re: Fwd: PHP Easter Eggs exon (Nov 30)
- Re: PHP Easter Eggs Paul Fierro (Dec 01)
- Re: PHP Easter Eggs Jimi Thompson (Dec 02)
- Re: PHP Easter Eggs Griffiths, Ian (Dec 03)
- Re: Fwd: PHP Easter Eggs exon (Nov 30)