How to use "PHP" easter eggs to obtain sensitive information
Many long-time PHP developers have probably known or heard of the term "PHP Easter Egg". The easter eggs seem to have existed as early as PHP4. They are quite fun, but have gradually been forgotten in recent years. In fact, the easter egg function is enabled by default in the PHP script engine.
Write a script that calls phpinfo();, request it, and append one of the following GET values to the URL to view the result.
Let’s use the Discuz official forum to do a test:
http://www.discuz.net/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
http://www.discuz.net/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
http://www.discuz.net/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
http://www.discuz.net/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
The value after ?= in each of the four links above (marked in red in the original article) is a GUID defined in ext/standard/info.h in the PHP source code.
Some foreign web vulnerability scanners (such as HP WebInspect) have used the PHP easter eggs to detect which web development language a scanned website uses. During penetration testing it is often difficult to identify the language behind a website, because some sites use dynamic scripts to generate purely static HTML pages, or use URL rewriting to implement pseudo-static pages. If the website is developed in PHP, you can try the easter egg detection method. In many cases it identifies the language precisely, because the easter egg function is enabled in php.ini by default. Of course, if you don't want others to obtain sensitive information about your website through the easter eggs, just set expose_php = Off in php.ini!
After reading the above, some people may say that since expose_php = On in php.ini, it is enough to capture the traffic and look at the HTTP header information. However, some large sites have a reverse proxy server in front of their web servers, so you cannot rely entirely on the information captured from the HTTP headers.
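To see who is fingerprinting a site this way, a defender can search the web server access log for the four GUIDs. The following is an added example, not code from the original article. It assumes Combined Log Format, the log lines are constructed samples, and the labels follow the constant names in info.h.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# GUIDs from ext/standard/info.h, as used in the article's four test URLs.
# Keys are upper-cased so that probes with altered case are flagged as well.
EGG_GUIDS = {
    "PHPE9568F34-D428-11D2-A769-00AA001ACF42": "PHP logo",
    "PHPE9568F35-D428-11D2-A769-00AA001ACF42": "Zend logo",
    "PHPE9568F36-D428-11D2-A769-00AA001ACF42": "easter egg logo",
    "PHPB8B5F2A0-3C92-11D3-A3A9-4C7B08C10000": "PHP credits",
}

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_egg_probes(lines):
    """Return {client_ip: [(label, path), ...]} for easter-egg requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        # In the article's URLs the GUID is the entire query string after "=".
        # Decoding %-escapes and ignoring case are detection choices made here.
        query = unquote(parts.query).upper()
        if not query.startswith("="):
            continue
        label = EGG_GUIDS.get(query[1:])
        if label:
            hits[client].append((label, parts.path))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "-" "scanner"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 HTTP/1.1" 200 8112 "-" "scanner"',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /forum.php?mod=view&tid=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:57:12 +0000] "GET /?=phpe9568f34-d428-11d2-a769-00aa001acf42 HTTP/1.1" 200 310 "-" "curl"',
]

if __name__ == "__main__":
    for client, probes in find_egg_probes(SAMPLE_LOG).items():
        print(client, probes)
```

Because the probe is sent to the origin application, this check works even when a reverse proxy rewrites the response headers, as long as the log records the real client address.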