The documentation only states that this particular flag enables/disables
the PHP string that's sent back in the headers. But it does not mention
that it alters the semantics of GET statements when appended by a certain
"magic" string. So this part of the behaviour counts as Easter Egg (and
potential security problem)
Saqib.N.Ali_at_seagate.com
29.11.2004 17:17
An: andi_mclean_at_ntlworld.com
Kopie: webappsec_at_securityfocus.com
Thema: Re: Fwd: PHP Easter Eggs
Hello Andi,
I wouldn't classify this is a easter egg, especially since PHP provides a
way to disable it, and also because it is not something the PHP group is
trying to hide. Infact the setting to enable/disable this is very clearly
stated in the php.ini, and is called "expose_php" .
It is used for exposing what the webserver is running, just like server
signature e.g. "Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev " .
Thanks.
Saqib Ali
http://validate.sf.net
Andi McLean <andi_mclean_at_ntlworld.com> wrote on 11/28/2004 05:21:38 AM:
> Hi,
>
> Does anyone know about the easter eggs in PHP?
> I've just found out about them, My trust in PHP has just had a majorset
back,
> as I'm wondering what other easter eggs there are and can any be used to
> circumenvent the protection I have on my site.
> I feel like I now need to have a look at the source code, to find out
what
> else is there.
>
> <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
>
> <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
>
> <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
>
> eg
> www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
> www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
>
>
> Andi
Received on Nov 30 2004
Intro
