Network Penetration Testing

PHP Easter Eggs Enabled

Affected IPs:

PHP has several known “easter eggs” which are packaged with PHP versions prior to 5.5. There are four query strings which can be appended to any PHP script URL to display logos and developer credits. While these easter eggs do not disclose particularly sensitive information, they can be used by an attacker to confirm that PHP is in use, profile the installed version, and fine-tune future attacks.

Below is a summary of the easter eggs identified:
1) PHP Credits: A display of credits for the PHP developer team.
‘?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000’

2) PHP Version Logo: A logo which varies between versions of PHP
‘?=PHPE9568F36-D428-11d2-A769-00AA001ACF42’

3) Zend Logo: A logo of the Zend framework
‘?=PHPE9568F35-D428-11d2-A769-00AA001ACF42’

4) PHP Logo: A logo for the PHP framework
‘?=PHPE9568F34-D428-11d2-A769-00AA001ACF42’

Remediation

Virtue Security recommends that Acme Bank remove PHP easter eggs. This can be accomplished by setting the expose_php directive in php.ini to “Off”. Disabling expose_php will also remove the PHP version from the ‘X-Powered-By’ HTTP header.

To do this, locate the php.ini configuration file and the expose_php directive within it. Ensure the value is set to “Off” as shown below. Note that each PHP SAPI (mod_php, php-fpm, CLI) may load its own php.ini, so the change must be made in the file actually used by the web server, and the web server or PHP-FPM service must be restarted for it to take effect. Once restarted, confirm that HTTP responses no longer carry an ‘X-Powered-By: PHP/…’ header and that the easter-egg query strings no longer return logos or credits.

expose_php = Off

It is also recommended that the version of PHP be upgraded to the latest stable version. At the time of this writing the latest stable version is 5.5.11 and is available at the following URL: http://php.net/downloads.php
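As an added example (not part of the original finding or of Virtue Security's tooling), the following Python script performs the two verification checks a tester or administrator would run after remediation: it parses a php.ini body and reports whether expose_php is explicitly disabled, and it inspects a set of HTTP response headers for a leaked PHP version in X-Powered-By. The php.ini snippets and header sets at the bottom are constructed sample inputs; the function and variable names are the author's own.

```python
import re
from typing import Dict, Optional

# Boolean spellings PHP's ini parser accepts (compared case-insensitively).
_INI_FALSE = {"0", "off", "false", "no", "none", ""}


def _strip_comment(line: str) -> str:
    """Remove a trailing ';' comment, ignoring ';' inside double quotes."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            break
        out.append(ch)
    return "".join(out).strip()


def parse_php_ini(text: str) -> Dict[str, str]:
    """Return a directive -> raw value map for a php.ini body.

    Skips blank lines, comments and [section] headers, unquotes quoted
    values, and lets a repeated directive's last occurrence win (as PHP does).
    """
    directives: Dict[str, str] = {}
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        directives[key.lower()] = value
    return directives


def expose_php_disabled(directives: Dict[str, str]) -> bool:
    """True only when expose_php is explicitly set to a false value.

    PHP's built-in default for expose_php is On, so a missing directive
    still means the version (and the easter eggs) are exposed.
    """
    value = directives.get("expose_php")
    if value is None:
        return False
    return value.strip().lower() in _INI_FALSE


def php_version_leak(headers: Dict[str, str]) -> Optional[str]:
    """Return the PHP version leaked via X-Powered-By, or None if absent."""
    for name, value in headers.items():
        if name.lower() == "x-powered-by":
            match = re.match(r"PHP/(\S+)", value.strip())
            if match:
                return match.group(1)
    return None


# --- constructed sample inputs (not taken from any real system) -------------
INI_BEFORE = """\
[PHP]
; Decides whether PHP may expose the fact that it is installed on the server
expose_php = On
"""

INI_AFTER = """\
[PHP]
expose_php = Off   ; hardened per the remediation above
"""

INI_MISSING = "[PHP]\nmemory_limit = 128M\n"   # directive absent -> default On

HEADERS_BEFORE = {"Server": "Apache", "X-Powered-By": "PHP/5.4.45"}
HEADERS_AFTER = {"Server": "Apache", "Content-Type": "text/html"}


if __name__ == "__main__":
    for label, ini in (("before", INI_BEFORE), ("after", INI_AFTER), ("missing", INI_MISSING)):
        state = "disabled" if expose_php_disabled(parse_php_ini(ini)) else "EXPOSED"
        print(f"php.ini ({label}): expose_php {state}")
    for label, hdrs in (("before", HEADERS_BEFORE), ("after", HEADERS_AFTER)):
        leak = php_version_leak(hdrs)
        print(f"headers ({label}): " + (f"leaks PHP {leak}" if leak else "no PHP version leaked"))
```

The important edge case is the third php.ini sample: a file that never mentions expose_php is reported as exposed, because PHP defaults the directive to On. The header check is deliberately case-insensitive on the header name, since proxies and frameworks frequently normalise header casing.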
