Saqib.N.Ali (at) seagate (dot) com [email concealed] wrote:
>
>
>
> Hello Andi,
>
> I wouldn't classify this is a easter egg, especially since PHP provides a
> way to disable it, and also because it is not something the PHP group is
> trying to hide. Infact the setting to enable/disable this is very clearly
> stated in the php.ini, and is called "expose_php" .
>
> It is used for exposing what the webserver is running, just like server
> signature e.g. "Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev " .
>

Still, if you turn off the apache server-signature but leave the
expose_php = On, you can get to know that PHP is actually running by
trying one or more of these Eggs. It's a Bad Thing (tm) if you ask me.

The code should be removed from PHP altogether since it doesn't exactly
provide much in the way of functionality. Possibly php_credits() could
be added as a function, the way php_info() is now. That way nobody could
glean information unawares, but the info would still be there if you
need it (and it would be much easier to come by).

> Thanks.
> Saqib Ali
> http://validate.sf.net
>
> Andi McLean <andi_mclean (at) ntlworld (dot) com [email concealed]> wrote on 11/28/2004 05:21:38 AM:
>
>
>>Hi,
>>
>>Does anyone know about the easter eggs in PHP?
>>I've just found out about them, My trust in PHP has just had a majorset
>
> back,
>
>>as I'm wondering what other easter eggs there are and can any be used to
>>circumenvent the protection I have on my site.
>>I feel like I now need to have a look at the source code, to find out
>
> what
>
>>else is there.
>>
>><anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
>>
>><anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
>>
>><anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
>>
>>eg
>>www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
>>www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
>>www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
>>
>>
>>Andi
>
>
>
>

[ reply ]

Saqib.N.Ali (at) seagate (dot) com [email concealed] wrote:<br/>
> <br/>
> <br/>
> <br/>
> Hello Andi,<br/>
> <br/>
> I wouldn't classify this is a easter egg, especially since PHP provides a<br/>
> way to disable it, and also because it is not something the PHP group is<br/>
> trying to hide. Infact the setting to enable/disable this is very clearly<br/>
> stated in the php.ini, and is called "expose_php" .<br/>
> <br/>
> It is used for exposing what the webserver is running, just like server<br/>
> signature e.g. "Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev " .<br/>
><br/>
<br/>
Still, if you turn off the apache server-signature but leave the <br/>
expose_php = On, you can get to know that PHP is actually running by <br/>
trying one or more of these Eggs. It's a Bad Thing (tm) if you ask me.<br/>
<br/>
The code should be removed from PHP altogether since it doesn't exactly <br/>
provide much in the way of functionality. Possibly php_credits() could <br/>
be added as a function, the way php_info() is now. That way nobody could <br/>
glean information unawares, but the info would still be there if you <br/>
need it (and it would be much easier to come by).<br/>
<br/>
> Thanks.<br/>
> Saqib Ali<br/>
> http://validate.sf.net<br/>
> <br/>
> Andi McLean <andi_mclean (at) ntlworld (dot) com [email concealed]> wrote on 11/28/2004 05:21:38 AM:<br/>
> <br/>
> <br/>
>>Hi,<br/>
>><br/>
>>Does anyone know about the easter eggs in PHP?<br/>
>>I've just found out about them, My trust in PHP has just had a majorset<br/>
> <br/>
> back,<br/>
> <br/>
>>as I'm wondering what other easter eggs there are and can any be used to<br/>
>>circumenvent the protection I have on my site.<br/>
>>I feel like I now need to have a look at the source code, to find out<br/>
> <br/>
> what<br/>
> <br/>
>>else is there.<br/>
>><br/>
>><anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00A
A001ACF42<br/>
>><br/>
>><anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B
08C10000<br/>
>><br/>
>><anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA
001ACF42<br/>
>><br/>
>>eg<br/>
>>www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
<br/>
>>www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
<br/>
>>www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
<br/>
>><br/>
>><br/>
>>Andi<br/>
> <br/>
> <br/>
> <br/>
>

[ reply ]