HomeMoxietypeLoginScreening Room

Useful Links 

Structured Data Testing Tool

JSON-LD Structured Data

ffmpeg

Theora.org

ISP testing tools

Amazon Cloud Front Serving Private Content Documentation

AWS Service Health Dashboard

Amazon Query Requests

What Is My DNS

DNS Queries

Pingdom

Check Your Headers

Open Graph

Getting Started with Linux Commands

Omega Enlarger

Rodagon 80mm lens for medium format

DCP and ProRes Preparation

Online Subtitle Shifter

i-Tunes Content Guide

Payroll Entries in QuickBooks

PNC Business Account Fees

Export Still Frame in FCP

Swedish Window Glaze

Haskap Berry

Film Carrier

Subsyncer Frame Rate Conversion




Categories
Accessibility
Advertising
Apple
Business
DRM
E-Commerce
Firefox
Google
Internet
Mac Tips
Marketing
Mobile Internet
Movies
New York
Offbeat
Photography
Privacy
Security
SEO
Social Web
Tech Buzz
Usability
Web Site Optimization
Word of the Week

Most Recent Entries
Taking a Master 25fps File and Converting it to 24fps
S-Bahnhof Potsdamer Platz 1989
Phomopsis in the Vineyard – Symptoms, Forecast, and Management
Best Book Design Covers 2020
DRM License and How it Works
Grants For Doing Nothing
Amazon Prime versus Twitch Streaming Video
LVH Video Segmenter
Copenhagen
Central Serous Chorioretinopathy
All entries
Security
UserpicPHP Easter Eggs Vulnerability Solution
Posted by Moxietype
01.14.15 Printable version

On servers running PHP, visit any page, remove the trailing slash, and append any of the following query-strings:

?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42

If the vulnerability is present, requests made with these query-strings results in a variety of easter eggs and detailed PHP credits. When these easter eggs are visible, it means that expose_php is enabled on the server. And when expose_php is enabled, PHP-generated pages are sent with X-Powered-By response-headers that give PHP/version infos, such as “X-Powered-By: PHP/5.4.7”. Knowing the version number of software makes it easier for bad guys to research and exploit known vulnerabilities. So let’s take a moment to “plug the leak” by disabling expose_php.

Disable expose_php via php.ini

The recommended solution is to set expose_php = Off



Return to Home
© 2020 All content by Moxietype unless otherwise noted, with some restriction on its use. - Powered by MoxieType.