On 6/12/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Tue, June 12, 2007 2:41 pm, Eric Butera wrote:
> Hopefully nobody has phpinfo just sitting out on a production server.

A quick Google:
http://www.google.com/search?hl=en&q=%22Zend+logo+This+program+makes+use+of+the+Zend+Scripting+Language+Engine%3A%22&btnG=Google+Search

will tell you that you hope in vain.

In fact, Google says that there are about 151,000 production servers
that have phpinfo() just sitting out there...

Granted, some of those will be intentional by people who know what
they are doing and what they are risking.

I'm guessing that with a little effort, you could even search for
phpinfo() pages exposing passwords that are allegedly protected by
being in root-owned httpd.conf

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?



Guess that patch to prevent it from being spidered is a bit late.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
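
A defender-side check for the exposure discussed in this thread, as an added example that is not part of the original messages: it scans a docroot you control for live phpinfo() calls and tests a response body for the phrase used in the Google query above. The function names, file names and sample contents are constructed for illustration.

```python
import os
import re
import tempfile

# Phrase taken from the Google query quoted in the thread.
FINGERPRINT = "This program makes use of the Zend Scripting Language Engine:"
# Simplified PHP comment matcher (assumption: no comment markers inside
# string literals); used so a commented-out call is not reported.
_COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
_CALL = re.compile(r"\bphpinfo\s*\(", re.I)  # PHP function names ignore case

def looks_like_phpinfo(body: str) -> bool:
    """True if a response body from your own server carries the fingerprint."""
    # Drop tags and collapse whitespace so markup cannot split the phrase.
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", body))
    return FINGERPRINT.lower() in text.lower()

def find_phpinfo_calls(docroot: str) -> list:
    """Return (relative path, line number) for each live phpinfo() call."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                src = fh.read()
            # Blank out comments but keep newlines so line numbers stay right.
            code = _COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)
            for m in _CALL.finditer(code):
                line = code.count("\n", 0, m.start()) + 1
                hits.append((os.path.relpath(path, docroot), line))
    return sorted(hits)

def demo() -> list:
    # Constructed sample docroot; names and contents are made up.
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "info.php": "<?php\nphpinfo();\n",
            "index.php": "<?php\n// phpinfo();\necho 'hi';\n",
            "admin/test.php": "<?php\n/* old\nphpinfo();\n*/\nPHPINFO (INFO_ENVIRONMENT);\n",
        }
        for rel, text in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_phpinfo_calls(root)
```

Run `find_phpinfo_calls()` against each deployed docroot before release, and feed `looks_like_phpinfo()` the bodies fetched from your own URLs to catch pages generated through includes.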
