A couple of things...
1) Website regarding the easter eggs, it appears you do need to have
expose php ON:
http://www.phpfreaks.com/articles/84/0.php
2) I quickly looked at the php-5.0.0 source and noticed the Easter Egg
"keys" in this file...
ext/standard/info.h
from that file:
#endif /* HAVE_CREDITS_DEFS */
#define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42"
#define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42"
#define ZEND_LOGO_GUID "PHPE9568F35-D428-11d2-A769-00AA001ACF42"
#define PHP_CREDITS_GUID "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000"
Just my observations...
On Nov 29, 2004, at 9:19 AM, Krul Thomas wrote:
I think you must have the "expose_php" value in your php.ini set to ON
in
order for this to work.
-----Original Message-----
From: Andi McLean [mailto:andi_mclean@ntlworld.com]
Sent: Sunday, November 28, 2004 8:22 AM
To: webappsec@securityfocus.com
Subject: Fwd: PHP Easter Eggs
Hi,
Does anyone know about the easter eggs in PHP?
I've just found out about them, My trust in PHP has just had a major
set
back,
as I'm wondering what other easter eggs there are and can any be used
to
circumenvent the protection I have on my site.
I feel like I now need to have a look at the source code, to find out
what
else is there.
<anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
<anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
<anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
eg www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
Andi
