On what valuable information can be obtained from phpinfo

PHPInfo () function is mainly used in the Web site construction process test set up the PHP environment is correct, many sites after the test is not deleted in time, so when access to these test pages, will output the key information of the server, the disclosure of these information will lead to the risk of infiltration of the server. Let's take a look at the detailed introduction below.

Phpinfo function

The Phpinfo function in PHP provides the phpinfo () function, which returns all the information in PHP, including PHP's compilation options and extensions, PHP version, server information and environment variables, PHP environment variables, operating system version information, path and environment variable configuration, HTTP headers, and copyright announcements and other information.

Its function is defined as follows:

Syntax: int phpinfo (void);

return value: Integer

Function type: PHP system function

For example, create a new PHP file where you enter the following:

<?php phpinfo ();?>

Sophpinfo()presumably the most familiar to everyone, after setting up the environment will then write aphpinfo()to test the environment is normal, many people forget to delete the test to start the deployment environment, which caused a number of sensitive information leaks. Sophpinfo()what kind of sensitive information can we get from them?

PHP version This is needless to say, to see what more sensitive information leaks.

One, absolute path (_server["Script_filename"])

Ii. Supported procedures

You canphpinfo()see some special program services, such as Redis, Memcache, MySQL, SMTP, curl, and so on, if the server has Redis or memcache can be getshell through SSRF, There have been such problems in Discuz. If you are sure that you have a redis or memcache, in the absence of ideas, you can focus on finding SSRF

Third, leakage real IP (_server["server_addr"] or SERVER_ADDR)

Sometimes throughphpinfo()the leakage of IP can check the side station, c section of what, directly ignore the CDN, Pepsi is not the spirit.

Iv. GOPHER

is SSRF part of it, or mainly rely on SSRF use up, if support gopher,ssrf there is no pressure

Wu, fastcgi

To see if versions of FastCGI and fastcgi are turned on, which can lead to issues such as parsing vulnerabilities, remote command execution, arbitrary file reads, and more

Vi. Leak cache file address (_files["file1"])

To Phpinfo () post a shell can_FILES[“file1”]see the uploaded temporary files, if there is a lfi, you can directly Getshell.

Seven, some sensitive configuration

Allow_url_include, Allow_url_fopen, Disable_functions, Open_basedir, Short_open_tag, etc.

For example, Allow_url_include can be used for remote file inclusion, disable_functions to view disabled functions, bypass execution, see if Open_basedir is turned on, and use P Bull bypass Open_ The Basedir method may be able to read some directories that are not authorized, and so on.

In addition, we can obtain some environmental information, such as path, log, etc. in environment.

Summarize