I'll go tell my boys. thanks for letting us know.
its always been a known fact not to leave phpinfo on your server where it can be accessed by the public.
its good for new programmers, but i've always known it was a security issue.
Originally posted by seby its always been a known fact not to leave phpinfo on your server where it can be accessed by the public. its good for new programmers, but i've always known it was a security issue.
Concur. I'm paranoid re: security, I don't want anybody seeing anything that phpinfo() knows...pathnames, OS types, software versions, build dates, etc., etc...
well, I always say that the question isn't how paranoid you are, but whether you're paranoid enough.
Just because you aren't paranoid, doesn't mean that noone is watching!!!
And why is phpbuilder's info page available then.
Jstarkey???
it isn't now... LOL
Originally posted by stolzyboy And why is phpbuilder's info page available then. Jstarkey???
Can you post a link? I haven't seen it.
Originally posted by jayant Make sure you keep your phpinfo() scripts protected (as in preferably not available for the world to see). This is no bigee, but it's best to avoid it: http://www.securityfocus.com/bid/7805/discussion/ Example: phpinfo.php?code=<script>alert("This is an exploit");</script> [/B]
Originally posted by jayant Make sure you keep your phpinfo() scripts protected (as in preferably not available for the world to see). This is no bigee, but it's best to avoid it: http://www.securityfocus.com/bid/7805/discussion/ Example:
phpinfo.php?code=<script>alert("This is an exploit");</script>
[/B]
Thanks for the info. Question still being intermediate, does this go into all our php pages? and if so, at the beginning of the page before all the script?
thanks Charles
I am not a Javascript expert .
However , with this exploit that permits Javascript insertion , an hacker could grab for example /etc/passwd data , or execute commands (wget for example) or upload files ?
Am I right ?
Originally posted by jstarkey Can you post a link? I haven't seen it.
Heh.. I went there the other day.. I noticed it changed now. I like the gender of the server, but usually machines are female. 🙂
yep, it was here http://www.phpbuilder.com/info.php, but i noticed it has changed
i generally go for something not so easy to guess if i want to see it ran
like: www.mydomain.com/asdfqwertyjklzxcvbnm90210.php
or something along those lines
Ok, theres still something there (at http://www.phpbuilder.com/info.php).
It also says that you're running PHPv6??? 😕
Doesn't the whole page look slightly bogus to you piersk?
Does the PHP Core have a gender?
Sheeesh, I'm giving up my career as a comic 🙁
Read the config line (and at least snicker, please??) 🙁
Maybe the php.ini location?
Zend Engine 3?
runs off with manly tears in his eyes
Hey, thanks Stolzy for pointing it out.
The server actually is fairmaiden.iworld.com, though, isn't it? (Iworld.com is internet.com, PHPBuilder is Jupiter Media, Internet.com is Jupiter Media...)
I thought it was funny, and I noticed the /usr/drunk... 😛
fairlane.iworld.com - I think our admins are Dice fans 🙂
Originally posted by jstarkey Hey, thanks Stolzy for pointing it out.
np
2 thumbs up for the comic revelation of the year! He will have you puke your guts out with his "I wrote a PHP script to generate Java servlets and it don't run on my Mac" or the hilarious "Yes my ping is bigger than yours". A must see
Woah!!!! You're famous 😃
Was really good m8. Totally my kind of humor (am always making fake stuff and hidden messages)
bows intently to the crowd
I bet y'all wait'in for a speech, aintcha?
Yeah!!!!!!!111one!!11!!! a speech!!!
/me grabs a pillow
