Congrats, Andi on finding this. It's just another great way to
do fingerprinting on a site (this should probably be built into
scanning tools as it's a pretty reliable fingerprint). You can
find out which version is running as they are nice enough
to tell you in the credits and the images are different in
different versions. So far I have found a number of
sites with very old versions by using this technique. I'm
almost sure this could be used as another type of attack vector
where you just need a PHP script to return a lot of data to
another PHP script. I realize this can be turned off but in the
10 minutes of checking not one of the sites I looked at had.
On Sun, 28 Nov 2004, Andi McLean wrote:
| Date: Sun, 28 Nov 2004 13:21:38 +0000
| From: Andi McLean <andi_mclean@ntlworld.com>
| To: webappsec@securityfocus.com
| Subject: Fwd: PHP Easter Eggs
|
| Hi,
|
| Does anyone know about the easter eggs in PHP?
| I've just found out about them, My trust in PHP has just had a major set
back,
| as I'm wondering what other easter eggs there are and can any be used to
| circumenvent the protection I have on my site.
| I feel like I now need to have a look at the source code, to find out what
| else is there.
|
| <anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
|
| <anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
|
| <anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
|
| eg
| www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
| www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
| www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
|
|
| Andi
|
-R
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to
this email by anyone else is unauthorized. If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.
