Introduction to PHP egg information and methods to prevent leakage (hidden function)

This article mainly introduces the introduction of PHP eggs and how to prevent leaks. PHP eggs refer to some hidden functions. If you do not pay attention to this issue, they will be exploited by hackers. For more information, see

This article mainly introduces the introduction of PHP eggs and how to prevent leaks. PHP eggs refer to some hidden functions. If you do not pay attention to this issue, they will be exploited by hackers. For more information, see

Easter Eggs (Easter Eggs) outsiders probably don't know about it. The online explanation of Easter Eggs is: used to hide functions or information in computer, video game, computer game, video album, or other interactive multimedia. PHP contains a security vulnerability that may result in unauthorized information disclosure. If you are running PHP, you may find the PHP version and other sensitive information. I think it is necessary to solve this problem to ensure the security of your website.

How PHP egg works

You can add the following string after the domain name to access any webpage on the server running PHP:

The Code is as follows:

? = PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 (PHP info List)
? = PHPE9568F34-D428-11d2-A769-00AA001ACF42 (php logo)
? = PHPE9568F35-D428-11d2-A769-00AA001ACF42 (Zend LOGO)
? = PHPE9568F36-D428-11d2-A769-00AA001ACF42 (php logo blue elephant)

Of course, if the vulnerability exists, you can view the information above. Currently, most websites are blocked. However, if expose_php is enabled, PHP will generate a page to send the PHP version information, in this way, some "bad guys" will know your version number to use known version vulnerabilities for attacks.

How to stop eggs

In general, if your server supports editing the php. ini file, we can set expose_php in php. ini to Off to block it. If you cannot operate the php. ini file, you can also set. htaccess to block it.

The Code is as follows:

RewriteCond % {QUERY_STRING} \ = PHP [0-9a-f] {8}-[0-9a-f] {4}-[0-9a-f] {4}-[0-9a-f] {4}-[0-9a-f] {12} [NC]
RewriteRule. *-[F]

Through the above two methods, we can shield some PHP information. Some servers enable expose_php by default, so it is best for my friends to close this article.

Really appreciate it Jeff Starr's post expose_php, Easter Eggs, and. htaccess.

Example:

The Code is as follows:

,