Ulysses
General => Off-Topic => Topic started by: LuaTenshi on October 18, 2013, 10:44:04 PM
-
I was wondering how would I stop things like...
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
A PHP Easter egg. (http://www.twistedforums.co.uk/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42)
and...
?=;"
A strange blank page that has the forums theme. (http://www.twistedforums.co.uk/index.php?=;")
from bringing up pages that I do not want my users to see.
I have recently installed this... http://www.php-firewall.info/ (not even sure if it's working...). But it has not fixed what I wanted it to fix.
...and yes I am very new to this whole thing.
-
Take a step back: why does it matter? If users are hand-crafting URLs, of course they'll get odd results.
-
Megiddo, because each version of PHP has its own egg, and each version has its own set of potential vulnerabilities.
It's a limited method of determining PHP version, which then could lead to more specific attack vectors.
Using Google, 'disable PHP easter egg', I found this nice article explaining some of it, including some solutions.
http://blog.detectify.com/post/34559130700/do-you-dare-to-show-your-php-easter-egg
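-
A defender-side check for the version-fingerprinting concern raised above, as an added example that is not part of any post in this thread: it counts, per client, access-log requests whose query string has the `?=PHP<GUID>` shape quoted in the first post. The log lines and addresses are constructed samples, and the combined log format and the function name `find_egg_probes` are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Shape of the easter-egg trigger from the first post: "=PHP" followed by a GUID.
EGG_RE = re.compile(
    r"=PHP[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
    re.IGNORECASE,
)

# Assumed common/combined log format: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Oct/2013:22:40:01 +0000] "GET /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524',
    '198.51.100.7 - - [18/Oct/2013:22:40:05 +0000] "GET /forum/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524',
    '192.0.2.10 - - [18/Oct/2013:22:41:12 +0000] "GET /index.php?topic=12.0 HTTP/1.1" 200 18233',
    '192.0.2.10 - - [18/Oct/2013:22:41:30 +0000] "GET /index.php?=;%22 HTTP/1.1" 200 9120',
    'not a log line',
]


def find_egg_probes(lines):
    """Return {client_ip: count} for requests carrying an easter-egg query."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Decode percent-escapes so an encoded "=" or GUID is still matched.
        query = unquote(urlsplit(m.group("target")).query)
        if EGG_RE.search("=" + query if not query.startswith("=") else query):
            hits[m.group("ip")] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in find_egg_probes(SAMPLE_LOG).items():
        print(f"{ip}: {count} easter-egg request(s)")
```
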