Taken from the website:
Everyone knows the famous PHP phpinfo(), which provides the programmer with invaluable information about his server configuration and setup. This is a useful tool as soon as one gets a new server, and it is also a tool for talking with any administrator.
Yet, after use, it is usually recommended to remove it, or to restrict access to it to a few people. Indeed, phpinfo may be dangerous by itself: in the past, it even suffered from XSS injection flaws. Even when secured, phpinfo() publishes information about your architecture, and it is always recommended to keep it from prying eyes.
Sadly enough, the common habit of setting up a phpinfo page on every web site is now so widespread that even search engines are starting to pick them up: there are literally thousands of phpinfo pages indexed on Yahoo and Google. Just run a search with the words 'phpinfo()' 'GoogleBot' and "Zend Scripting Language Engine" on Google.
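To act on the advice to remove leftover phpinfo pages, the following added example (not code from the quoted website) audits your own web root for PHP files that still call phpinfo(). The function names, the extension list and the sample string are assumptions made for illustration, and the matching is a heuristic that skips comments and quoted strings but does not parse heredocs.

```python
import os
import re
import sys

# Code between an opening tag (<?php, <?= or short <?) and ?> or end of file.
_PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.S | re.I)
# Comments and quoted strings, blanked so a mention in them is not reported.
_NOISE = re.compile(r"""
      /\*.*?\*/ | (?://|\#)[^\n]*              # block and line comments
    | '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*"    # quoted strings
    """, re.S | re.X)
# PHP function names are case-insensitive; whitespace may precede "(".
_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.I)
# Constructed sample: only the call on line 4 is real code.
SAMPLE = "<?php\n// phpinfo();\necho 'phpinfo()';\nPHPInfo (INFO_GENERAL);\n"


def _blank(match):  # keep newlines so reported line numbers match the file
    return " " + "\n" * match.group().count("\n")


def find_phpinfo_calls(source):
    """Return the 1-based line numbers on which phpinfo() is called."""
    hits = []
    for block in _PHP_BLOCK.finditer(source):
        code = _NOISE.sub(_blank, block.group(1))
        base = source.count("\n", 0, block.start(1))
        for call in _CALL.finditer(code):
            hits.append(base + code.count("\n", 0, call.start()) + 1)
    return hits


def scan_tree(root, exts=(".php", ".phtml", ".inc")):
    """Map each file under root that calls phpinfo() to its line numbers."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = find_phpinfo_calls(fh.read())
                if lines:
                    report[os.path.relpath(path, root)] = lines
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(sorted(scan_tree(target).items()))
```

Run it with the document root as its only argument; every file it lists is a candidate for removal or access restriction.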
Read more: PHP configuration statistics