vuln. scanning PHP - nikto
Nikto tells me that "/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000" reveals potentially sensitive info. It's a list of all the developers' name.
I tried to turn it off from php.ini with "expose_php = Off" but it still comes up in the scan. I restarted HTTPD. How can I disable it?
How do I know if there's any other strings like this one?
Is this - PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - a hex string that could be converted to ASCII?
Thanks.
Last edited by noir911; 08-04-2009 at 07:15 AM.
|