Using "php eggs" to get sensitive information

About the "PHP eggs" may be a lot of old phper already know or heard, as if it was early in the PHP4 version of the time there are eggs, very good fun, may have been gradually forgotten in recent years, in fact, the Easter egg function in PHP script engine is open by default.

Write a phpinfo (), then access, plus the following get value to check

Here is a Discuz official forum to do the test:

Http://www.discuz.net/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42

Http://www.discuz.net/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42

Http://www.discuz.net/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

http://www.discuz.net/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

The red part of the 4 links is the GUID value defined in the PHP source/ext/standard/info.h, as shown in the following figure

About the PHP egg This play has been used by some foreign web vulnerability scanners (for example, HP WebInspect) to detect what web development language the scanned web site uses. In fact, in the process of penetration testing often met some Web site is difficult to identify the use of what kind of web development language, because some sites using dynamic script to generate pure static HTML page or URL rewrite to achieve pseudo static page, if the site is using PHP development, you can try to use the detection of eggs, In many cases can be identified on the nail, because by default, the function of the eggs in the php.ini is open, of course, if you do not want to let others through the way of eggs to get sensitive information on the site, then in php.ini will expose_php = off can !

After reading these, some people may say that since expose_php = on in php.ini, it is OK to grab the packet and look at the HTTP header information, but the front of some large Web servers has a reverse proxy server, so it is not entirely dependent on capturing the information in the HTTP header.