PHP easter eggs
There is an easter egg in PHP configuration that also allows you to detect a possible vulnerability.
Inside the php source within php-source/ext/standard/info.h (lines 53 to 56), there are 4 code defining PHP logos like this:
<?php #define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42" #define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42" #define ZEND_LOGO_GUID "PHPE9568F35-D428-11d2-A769-00AA001ACF42" #define PHP_CREDITS_GUID "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000" ?>
By adding these codes to any url on your server like index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42, it might show you different picture. A picture you'll see depends on code you used and version of PHP you have.
So if you add any of the codes above to any url of your server and it shows you a PHP easter egg picture, it means that expose_php setting is turned on (It is turned on by default). You may want to turn off this setting so you won't expose that you are using PHP thus saying others to try all potential PHP vulnerabilities.
You may also be interested in:
Powered by BlogAlike.com