WebApp Sec: Re: Fwd: PHP Easter Eggs

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Fwd: PHP Easter Eggs

From: exon <exon () home se>
Date: Tue, 30 Nov 2004 09:53:56 +0100

Saqib.N.Ali () seagate com wrote:




Hello Andi,

I wouldn't classify this is a easter egg, especially since PHP provides a
way to disable it, and also because it is not something the PHP group is
trying to hide. Infact the setting to enable/disable this is very clearly
stated in the php.ini, and is called "expose_php" .

It is used for exposing what the webserver is running, just like server
signature e.g. "Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev " .

Still, if you turn off the apache server-signature but leave theexpose_php = On, you can get to know that PHP is actually running bytrying one or more of these Eggs. It's a Bad Thing (tm) if you ask me.

The code should be removed from PHP altogether since it doesn't exactlyprovide much in the way of functionality. Possibly php_credits() couldbe added as a function, the way php_info() is now. That way nobody couldglean information unawares, but the info would still be there if youneed it (and it would be much easier to come by).

Thanks.
Saqib Ali
http://validate.sf.net

Andi McLean <andi_mclean () ntlworld com> wrote on 11/28/2004 05:21:38 AM:

Hi,

Does anyone know about the easter eggs in PHP?
I've just found out about them, My trust in PHP has just had a majorset


back,

as I'm wondering what other easter eggs there are and can any be used to
circumenvent the protection I have on my site.
I feel like I now need to have a look at the source code, to find out


what

else is there.

<anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

<anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

<anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42

eg
www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42


Andi

By Date By Thread

Current thread:

Re: Fwd: PHP Easter Eggs, (continued)
- Re: Fwd: PHP Easter Eggs Alexander Klimov (Nov 29)
- Re: Fwd: PHP Easter Eggs Harald Nesland (Nov 29)
- Re: Fwd: PHP Easter Eggs RSnake (Nov 29)
- Re: PHP Easter Eggs q q (Nov 29)
- Re: Fwd: PHP Easter Eggs Saqib . N . Ali (Nov 30)
  - Re: Fwd: PHP Easter Eggs exon (Nov 30)
    - Re: PHP Easter Eggs Paul Fierro (Dec 01)
    - Re: PHP Easter Eggs Jimi Thompson (Dec 02)
    - Re: PHP Easter Eggs Griffiths, Ian (Dec 03)
    - SQL injection (no single quotes used) Juan Carlos Calderon (Dec 14)
    - Re: SQL injection (no single quotes used) Olivier G. Gaumond (Dec 15)