vuln. scanning PHP

noir911 · 08-04-2009, 07:04 AM

Nikto tells me that "/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000" reveals potentially sensitive info. It's a list of all the developers' name.

I tried to turn it off from php.ini with "expose_php = Off" but it still comes up in the scan. I restarted HTTPD. How can I disable it?

How do I know if there's any other strings like this one?

Is this - PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - a hex string that could be converted to ASCII?

Thanks.

unSpawn · 08-04-2009, 07:51 AM

Odd. "expose_php = off" should disable it. Nikto should point to http://osvdb.org/12184. Checking CVS, PHP_FUNCTION(php_egg_logo_guid) in http://cvs.php.net/viewvc.cgi/php-sr...p&pathrev=MAIN, leads to "#define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42"" in http://cvs.php.net/viewvc.cgi/php-sr...p&pathrev=MAIN, so maybe use a WAF like mod_security?

noir911 · 08-04-2009, 08:12 AM

Ahh, it did now. Not sure what happened.