GIDForums  

  #1  
08-Jun-2003, 11:12
JdS

Time to remove your phpinfo pages?


http://www.securityfocus.com/bid/7805/info/

Quote:
Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.
  #2  
08-Jun-2003, 11:22
Div
At the very least rename the file from the usual phpinfo.php. I am guessing that it won't be long before you see bots scurrying around on sites looking for that particular file name.
  #3  
09-Jun-2003, 04:52
Allowee
Have a look at this...

http://bugs.php.net/bug.php?id=24024
  #4  
09-Jun-2003, 05:08
JdS
Yep, this is why I never publicise my phpinfo to just anyone. When the need arises, better to show a static version instead.
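
An added example, not code from any poster in this thread: a small audit script that lists every PHP file under a web root that still calls phpinfo(), matching on file contents so a renamed debug page is found too. The function names, file extensions and sample files are assumptions constructed for illustration, and the comment stripping is a heuristic, not a PHP parser.

```python
import os
import re
import tempfile

# PHP function names are case-insensitive; skip methods and longer identifiers.
CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
# Heuristic comment stripper: /* ... */ blocks plus // and # line comments.
COMMENT = re.compile(r"/\*.*?\*/|(?://|#).*?$", re.DOTALL | re.MULTILINE)
PHP_EXT = (".php", ".phtml", ".inc")  # assumed set of extensions served as PHP


def find_phpinfo_calls(root):
    """Return sorted (relative_path, line_number) pairs for phpinfo() calls."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            # Blank out comments but keep their newlines so line numbers hold.
            code = COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), text)
            for m in CALL.finditer(code):
                line = code.count("\n", 0, m.start()) + 1
                hits.append((os.path.relpath(path, root), line))
    return sorted(hits)


def build_sample_tree(root):
    """Write a constructed sample web root (not taken from the thread)."""
    samples = {
        "phpinfo.php": "<?php\nphpinfo();\n",
        "status/env.php": "<?php\n// renamed debug page\nPhpInfo (INFO_GENERAL);\n",
        "index.php": "<?php\n// phpinfo(); removed\n/* phpinfo(); */\necho 'ok';\n",
        "lib/util.php": "<?php\nfunction my_phpinfo() {}\n$o->phpinfo();\n",
        "notes.txt": "phpinfo();\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, line in find_phpinfo_calls(root):
            print(f"{rel}:{line}: phpinfo() call")
```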
 
 
