PHPInfo () function is mainly used in the Web site construction process test set up the PHP environment is correct, many sites after the test is not deleted in time, so when access to these test pages, will output the key information of the server, the disclosure of these information will lead to the risk of infiltration of the server. Let's take a look at the detailed introduction below.
Phpinfo function
The Phpinfo function in PHP provides the phpinfo () function, which returns all the information in PHP, including PHP's compilation options and extensions, PHP version, server information and environment variables, PHP environment variables, operating system version information, path and environment variable configuration, HTTP headers, and copyright announcements and other information.
Its function is defined as follows:
Syntax: int phpinfo (void);
return value: Integer
Function type: PHP system function
For example, create a new PHP file where you enter the following:
<?php phpinfo ();?>
Sophpinfo()presumably the most familiar to everyone, after setting up the environment will then write aphpinfo()to test the environment is normal, many people forget to delete the test to start the deployment environment, which caused a number of sensitive information leaks. Sophpinfo()what kind of sensitive information can we get from them?
PHP version This is needless to say, to see what more sensitive information leaks.
One, absolute path (_server["Script_filename"])
Ii. Supported procedures
You canphpinfo()see some special program services, such as Redis, Memcache, MySQL, SMTP, curl, and so on, if the server has Redis or memcache can be getshell through SSRF, There have been such problems in Discuz. If you are sure that you have a redis or memcache, in the absence of ideas, you can focus on finding SSRF
Third, leakage real IP (_server["server_addr"] or SERVER_ADDR)
Sometimes throughphpinfo()the leakage of IP can check the side station, c section of what, directly ignore the CDN, Pepsi is not the spirit.
Iv. GOPHER
is SSRF part of it, or mainly rely on SSRF use up, if support gopher,ssrf there is no pressure
Wu, fastcgi
To see if versions of FastCGI and fastcgi are turned on, which can lead to issues such as parsing vulnerabilities, remote command execution, arbitrary file reads, and more
Vi. Leak cache file address (_files["file1"])
To Phpinfo () post a shell can_FILES[“file1”]see the uploaded temporary files, if there is a lfi, you can directly Getshell.
Seven, some sensitive configuration
Allow_url_include, Allow_url_fopen, Disable_functions, Open_basedir, Short_open_tag, etc.
For example, Allow_url_include can be used for remote file inclusion, disable_functions to view disabled functions, bypass execution, see if Open_basedir is turned on, and use P Bull bypass Open_ The Basedir method may be able to read some directories that are not authorized, and so on.
In addition, we can obtain some environmental information, such as path, log, etc. in environment.
Summarize