Home > Developer > PHP

Introduction to PHP egg information and methods to prevent leakage (hidden function)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
This article mainly introduces the introduction of PHP eggs and how to prevent leaks. PHP eggs refer to some hidden functions that will be exploited by hackers if they do not pay attention to this problem, if you need a friend, you can refer to Easter Eggs (Easter Eggs). It is estimated that they do not know this is a magic thing. the online explanation of the egg is: used to hide functions or information in computer, video game, computer game, video album, or other interactive multimedia. PHP contains a security vulnerability that may result in unauthorized information disclosure. if you are running PHP, you may find the PHP version and other sensitive information. I think it is necessary to solve this problem to ensure the security of your website.

How PHP egg works

You can add the following string after the domain name to access any webpage on the server running PHP:

The code is as follows:


? = PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 (PHP info list)
? = PHPE9568F34-D428-11d2-A769-00AA001ACF42 (php logo)
? = PHPE9568F35-D428-11d2-A769-00AA001ACF42 (Zend LOGO)
? = PHPE9568F36-D428-11d2-A769-00AA001ACF42 (php logo Blue Elephant)

Of course, if the vulnerability exists, you can view the information above. Currently, most websites are blocked. However, if expose_php is enabled, PHP will generate a page to send the PHP version information, in this way, some "bad guys" will know your version number to use known version vulnerabilities for attacks.

How to stop eggs

In general, if your server supports editing the php. ini file, we can set expose_php in php. ini to Off to block it. If you cannot operate the php. ini file, you can also set. htaccess to block it.

The code is as follows:


RewriteCond % {QUERY_STRING} \ = PHP [0-9a-f] {8}-[0-9a-f] {4}-[0-9a-f] {4}-[0-9a-f] {4}-[0-9a-f] {12} [NC]
RewriteRule. *-[F]


Through the above two methods, we can shield some PHP information. some servers enable expose_php by default, so it is best for my friends to close this article.

Really appreciate it Jeff Starr's post expose_php, Easter Eggs, and. htaccess.

Example:

The code is as follows:


Http://wowo.haotui.com/space.php? = PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Http://en.wikipedia.org/w/index.php? = PHPE9568F34-D428-11d2-A769-00AA001ACF42
Http://www.zend.com/en/index.php? = PHPE9568F35-D428-11d2-A769-00AA001ACF42

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
introduction to php and mysql introduction to php and mysql pdf introduction to php pdf introduction to php programming introduction to php ppt introduction to javascript programming with xml and php how to prevent dos and ddos attacks

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More