[PHP-BUG] Bug #55497 [NEW]: Credits URL Security ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Tue, 23 Aug 2011 19:36:16 -0700 

From:             
Operating system: Any
PHP version:      Irrelevant
Package:          PHP options/info functions
Bug Type:         Bug
Bug description:Credits URL Security ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Description:
------------
?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 displays php credits, it also
displays 
credits for all modules.

This effectively makes it a security issue since it allows an attacker to
scan for 
a specific vulnerable module and then exploit it. 

Test script:
---------------
http://php.net/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Expected result:
----------------
?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 should be disabled by default, or

display generic information only.   The current behavior is unacceptable. 

Actual result:
--------------
Specific information regarding installed modules is displayed. 

-- 
Edit bug report at https://bugs.php.net/bug.php?id=55497&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=55497&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=55497&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=55497&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=55497&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=55497&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=55497&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=55497&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=55497&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=55497&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=55497&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=55497&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=55497&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=55497&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=55497&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=55497&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=55497&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=55497&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=55497&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=55497&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=55497&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=55497&r=mysqlcfg

Reply via email to