[17307] in bugtraq
PHP Info www search and server info gathering
daemon@ATHENA.MIT.EDU (Chris Kennedy)
Mon Oct 23 15:05:56 2000
Message-Id: <20001020163149.D671@GROOVY.ORG>
Date: Fri, 20 Oct 2000 16:31:50 -0500
Reply-To: Chris Kennedy <ckennedy@GROOVY.ORG>
From: Chris Kennedy <ckennedy@GROOVY.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
I am not sure if this is an issue that seems bad for
a server's security to most people, but to me it is a
really bad looking problem. The phpinfo() function
available from PHP versions gives out a _LOT_ of server
information, directories things are installed in, versions
etc.
Anyone who is not familiar with this page and the contents
can look below for examples in the search results I did
or do a search themselves and see.
This page is also super easy to find through a
search engine, like the ASP/PHP page error problem reported
in the past. I did a lookup in Google for the following...
phpinfo() PHP Credits Version
I got this sort of output; these URLs are giving out
more information than I expect the websites' owners want,
and they probably don't expect the page to be found so easily...
----
Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, home.huseman.org:80.
User ... usr/local/apache_1.3.12/htdocs/misc/phpinfo.php. SERVER_ADDR, 24.9.201.167. ...
home.huseman.org/misc/phpinfo.php - 32k - Cached - Similar pages
Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, alabama.inf.elte ... SCRIPT_FILENAME,
/home/toma/public_html/php/phpinfo.php. SERVER_ADDR, 157.181.162.4. ...
alabama.inf.elte.hu/~toma/php/phpinfo.php - 35k - Cached - Similar pages
Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, steigman.ne ... 34939.
SCRIPT_FILENAME, /home/ms/public_html/phpinfo.php. SERVER_ADDR, 24.147.237.193. ...
steigman.ne.mediaone.net/~ms/phpinfo.php - 35k - Cached - Similar pages
crawler1.googlebot.com (64.209.181.52) Googlebot/2.1 (+http://.com
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname:Port, biocat.ruc.dk:80. User ... com.
REMOTE_PORT, 40796. SCRIPT_FILENAME, /home/chlor/public_html/phpinfo.php. ...
biocat.ruc.dk/~chlor/phpinfo.php - 35k - Cached - Similar pages
Untitled
... PHP 4.0 Credits. ... Apache API Version, 19990320. Hostname/Port, www.kw.nl:80. User/Group, ... 46918.
SCRIPT_FILENAME, /home/user/pike/public_html/ScripTz/php/phpinfo.php. ...
www.kw.nl/~pike/ScripTz/php/phpinfo.php - 25k - Cached - Similar pages
----
Thanks,
Chris K
--
Chris Kennedy / getdown@groovy.org
I-Land Internet Services / Network Operations Center
\|/ ____ \|/
"@'/ .. \`@"
/_| \__/ |_\
\__U_/
-Linux SPARC Kernel Oops
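
Added example, not part of the original post: a defender-side audit that walks a web document root and lists every PHP file calling phpinfo(), the kind of page that turned up in the search results above. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# PHP function names are case-insensitive, so match phpinfo( in any case.
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)
# /* ... */ blocks and whole-line // or # comments. Trailing comments after code
# are deliberately not recognised, so the audit errs toward reporting a call.
COMMENT = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.DOTALL | re.MULTILINE)
PHP_EXTENSIONS = (".php", ".php3", ".php4", ".phtml")  # assumed handler mapping

def find_phpinfo_calls(docroot):
    """Return sorted (relative_path, line, commented_out) for every phpinfo() call."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            comment_spans = [m.span() for m in COMMENT.finditer(source)]
            for call in PHPINFO_CALL.finditer(source):
                pos = call.start()
                commented = any(start <= pos < end for start, end in comment_spans)
                line = source.count("\n", 0, pos) + 1
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                hits.append((rel, line, commented))
    return sorted(hits)

def build_sample_docroot():
    """Constructed sample tree (not taken from any real server)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "misc/phpinfo.php": "<?php phpinfo(); ?>\n",
        "index.php": "<?php\n// phpinfo();\necho 'hi';\n?>\n",
        "debug.phtml": "<?php\n/* old debug page\nPHPInfo(INFO_GENERAL);\n*/\n?>\n",
        "notes.txt": "remember to delete phpinfo() pages\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, line, commented in find_phpinfo_calls(build_sample_docroot()):
        print(f"{rel}:{line}: {'commented out' if commented else 'LIVE phpinfo() call'}")
```

Pointing `find_phpinfo_calls` at a real document root gives the list of pages to remove or put behind access control; entries flagged as commented out are reported too, so they can be cleaned up before someone re-enables them.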