On what valuable information can be obtained from phpinfo

Source: Internet
Author: User
Tags gopher phpinfo
PHPInfo () function is mainly used in the Web site construction process test set up the PHP environment is correct, many sites after the test is not deleted in time, so when access to these test pages, will output the key information of the server, the disclosure of these information will lead to the risk of infiltration of the server. Let's take a look at the detailed introduction below.





Phpinfo function



The Phpinfo function in PHP provides the phpinfo () function, which returns all the information in PHP, including PHP's compilation options and extensions, PHP version, server information and environment variables, PHP environment variables, operating system version information, path and environment variable configuration, HTTP headers, and copyright announcements and other information.



Its function is defined as follows:



Syntax: int phpinfo (void);



return value: Integer



Function type: PHP system function



For example, create a new PHP file where you enter the following:


<?php phpinfo ();?>


Sophpinfo()presumably the most familiar to everyone, after setting up the environment will then write aphpinfo()to test the environment is normal, many people forget to delete the test to start the deployment environment, which caused a number of sensitive information leaks. Sophpinfo()what kind of sensitive information can we get from them?



PHP version This is needless to say, to see what more sensitive information leaks.



One, absolute path (_server["Script_filename"])






Ii. Supported procedures



You canphpinfo()see some special program services, such as Redis, Memcache, MySQL, SMTP, curl, and so on, if the server has Redis or memcache can be getshell through SSRF, There have been such problems in Discuz. If you are sure that you have a redis or memcache, in the absence of ideas, you can focus on finding SSRF



Third, leakage real IP (_server["server_addr"] or SERVER_ADDR)



Sometimes throughphpinfo()the leakage of IP can check the side station, c section of what, directly ignore the CDN, Pepsi is not the spirit.



Iv. GOPHER



is SSRF part of it, or mainly rely on SSRF use up, if support gopher,ssrf there is no pressure



Wu, fastcgi



To see if versions of FastCGI and fastcgi are turned on, which can lead to issues such as parsing vulnerabilities, remote command execution, arbitrary file reads, and more



Vi. Leak cache file address (_files["file1"])



To Phpinfo () post a shell can_FILES[“file1”]see the uploaded temporary files, if there is a lfi, you can directly Getshell.






Seven, some sensitive configuration



Allow_url_include, Allow_url_fopen, Disable_functions, Open_basedir, Short_open_tag, etc.



For example, Allow_url_include can be used for remote file inclusion, disable_functions to view disabled functions, bypass execution, see if Open_basedir is turned on, and use P Bull bypass Open_ The Basedir method may be able to read some directories that are not authorized, and so on.



In addition, we can obtain some environmental information, such as path, log, etc. in environment.



Summarize


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.