you know how the php starters tend to test their page by using this code

<?php

phpinfo();
?>

i found one on a site. can it be exploited in anyway??

let me know. is there a tool to do that or what?

    yeah, we are gonna tell you how to crack into someones site

    gimme a break, and why would you want to

      hmmm well while that could well be his intention, im assuming he meant 'are there any vulnerabilities i should be aware of for my own sake?'

      just a guess.... if he is some cracker i'd ask him banned, but other wise.....
      moon

        its not like Im going to destroy them. I just want to know how it is worked. so I can prevent their site from being exploited.

        thats fine if you dont trust me.. I just want to learn about how php can execute commands remotely

          well, that said, you can see where their config files are, their paths, just about any config options, stuff installed, etc...

          but i wouldn't say it is an exploit persay, it just isn't advisable to have out in the open

          my suggestion is to protect it in a folder via .htaccess so only passworded people can view the information, or only upload it when you need to see it, then delete it

            Originally posted by stolzyboy
            well, that said, you can see where their config files are, their paths, just about any config options, stuff installed, etc...

            but i wouldn't say it is an exploit persay, it just isn't advisable to have out in the open

            my suggestion is to protect it in a folder via .htaccess so only passworded people can view the information, or only upload it when you need to see it, then delete it

            I generally put something like...

            if ($_GET['somevar'] != 'somerandomstringandnumbers')
{
     echo "Yah right...\n";
     exit;
}
.....// rest of page here

              I ran a exploit on my own webserver and found out that i could access my c:<path> using the

              [url]http://[/url]<yourserver>/php/php.exe?c:\ <path> in the url

              how do i stop this from allowing any user to access to my files???

              I am using apache 1.3.14 with PHP 4.0

              the error code was:

              Common File/Directory Exposure. Possible misconfiguration problem in the web server that allow unauthorized remote users to steal confidential documents or gain information about the web server's host machine.

              any idea what I should do to prevent this??

                Write a Reply...