Hello,

This thing at least shows PHP version installed on the server, so attacker
will be able to use some vulnerability that is not fixed in that version.

--
Best regards,
Vladimir Poddubnyy

> -----Original Message-----
> From: Harrison Gladden [mailto:hgladden (at) gmail (dot) com [email concealed]]
> Sent: Tuesday, November 30, 2004 5:41 AM
> To: Serban Gh. Ghita
> Cc: Andi McLean; webappsec (at) securityfocus (dot) com [email concealed]
> Subject: Re: PHP Easter Eggs
>
> maybe it's me, but i'm failing to see the "big picture" here
> as far as security is concerned. It seems to me that this
> would only confirm to the evil user that yes you are running
> php, thereby allowing him to find php specific vulns?? Or is
> there something else i'm missing here.
>
> ~Harrison
>
> On Tue, 30 Nov 2004 06:12:00 +0200, Serban Gh. Ghita
> <serban (at) verasys (dot) ro [email concealed]> wrote:
> > interesting, but very risking. i am wondering if an evil user could
> > exploit this and create hoaxes using this 'easter eggs'
> > i also wonder what impact could have this over the big companies
> > websites that are using php ;-)
> >
> >
> >
> > Serban Gh. Ghita
> > coordonator departament IT
> > VERASYS International
> > serban (at) verasys (dot) ro [email concealed]
> > zamolxe (at) php (dot) net [email concealed]
> > http://www.verasys.ro
> > phone1: +40-251-406.152
> > phone2: +40-251-406.153
> > cell: +40-788.28.29.10
> >
> > ----- Original Message -----
> > From: "Andi McLean" <andi_mclean (at) ntlworld (dot) com [email concealed]>
> > To: <webappsec (at) securityfocus (dot) com [email concealed]>
> > Sent: Sunday, November 28, 2004 3:21 PM
> > Subject: Fwd: PHP Easter Eggs
> >
> > > Hi,
> > >
> > > Does anyone know about the easter eggs in PHP?
> > > I've just found out about them, My trust in PHP has just
> had a major
> > > set
> > back,
> > > as I'm wondering what other easter eggs there are and can any be
> > > used to circumenvent the protection I have on my site.
> > > I feel like I now need to have a look at the source code, to find
> > > out what else is there.
> > >
> > >
> <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> > >
> > > <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
> > >
> > > <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
> > >
> > > eg
> > > www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> > > www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
> > > www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
> > >
> > >
> > > Andi
> >
> >
>
>
> --
> ___________________________________
> Harrison Gladden <hgladden (at) gmail (dot) com [email concealed]>
> Computer Engineer & Science Major
> ~Past experience: He who never makes
> mistakes, never did anything that's worth.~
>

[ reply ]

Hello,<br/>
<br/>
This thing at least shows PHP version installed on the server, so attacker<br/>
will be able to use some vulnerability that is not fixed in that version.<br/>
<br/>
--<br/>
Best regards,<br/>
Vladimir Poddubnyy<br/>
<br/>
> -----Original Message-----<br/>
> From: Harrison Gladden [mailto:hgladden (at) gmail (dot) com [email concealed]] <br/>
> Sent: Tuesday, November 30, 2004 5:41 AM<br/>
> To: Serban Gh. Ghita<br/>
> Cc: Andi McLean; webappsec (at) securityfocus (dot) com [email concealed]<br/>
> Subject: Re: PHP Easter Eggs<br/>
> <br/>
> maybe it's me, but i'm failing to see the "big picture" here <br/>
> as far as security is concerned. It seems to me that this <br/>
> would only confirm to the evil user that yes you are running <br/>
> php, thereby allowing him to find php specific vulns?? Or is <br/>
> there something else i'm missing here.<br/>
> <br/>
> ~Harrison<br/>
> <br/>
> On Tue, 30 Nov 2004 06:12:00 +0200, Serban Gh. Ghita <br/>
> <serban (at) verasys (dot) ro [email concealed]> wrote:<br/>
> > interesting, but very risking. i am wondering if an evil user could <br/>
> > exploit this and create hoaxes using this 'easter eggs'<br/>
> > i also wonder what impact could have this over the big companies <br/>
> > websites that are using php ;-)<br/>
> > <br/>
> > <br/>
> > <br/>
> > Serban Gh. Ghita<br/>
> > coordonator departament IT<br/>
> > VERASYS International<br/>
> > serban (at) verasys (dot) ro [email concealed]<br/>
> > zamolxe (at) php (dot) net [email concealed]<br/>
> > http://www.verasys.ro<br/>
> > phone1: +40-251-406.152<br/>
> > phone2: +40-251-406.153<br/>
> > cell: +40-788.28.29.10<br/>
> > <br/>
> > ----- Original Message -----<br/>
> > From: "Andi McLean" <andi_mclean (at) ntlworld (dot) com [email concealed]><br/>
> > To: <webappsec (at) securityfocus (dot) com [email concealed]><br/>
> > Sent: Sunday, November 28, 2004 3:21 PM<br/>
> > Subject: Fwd: PHP Easter Eggs<br/>
> > <br/>
> > > Hi,<br/>
> > ><br/>
> > > Does anyone know about the easter eggs in PHP?<br/>
> > > I've just found out about them, My trust in PHP has just <br/>
> had a major <br/>
> > > set<br/>
> > back,<br/>
> > > as I'm wondering what other easter eggs there are and can any be <br/>
> > > used to circumenvent the protection I have on my site.<br/>
> > > I feel like I now need to have a look at the source code, to find <br/>
> > > out what else is there.<br/>
> > ><br/>
> > > <br/>
> <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF4
2<br/>
> > ><br/>
> > > <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
<br/>
> > ><br/>
> > > <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
<br/>
> > ><br/>
> > > eg<br/>
> > > www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42<br/>
> > > www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000<br/>
> > > www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42<br/>
> > ><br/>
> > ><br/>
> > > Andi<br/>
> > <br/>
> > <br/>
> <br/>
> <br/>
> --<br/>
> ___________________________________<br/>
> Harrison Gladden <hgladden (at) gmail (dot) com [email concealed]><br/>
> Computer Engineer & Science Major<br/>
> ~Past experience: He who never makes <br/>
> mistakes, never did anything that's worth.~<br/>
>

[ reply ]