View Issue Details

ID: 0002202
Project: Xdebug
Category: Step Debugging
View Status: public
Last Update: 2023-09-14 14:35
Reporter: diwantaha
Assigned To: derick
Priority: urgent
Severity: major
Reproducibility: always
Status: resolved
Resolution: no change required
Platform:
Summary: 0002202: PHP info page disclosure.
Description

Hi team,
I found a phpinfo path which is disclosing system PHP configuration.
phpinfo() is a debug functionality that prints out detailed information on both the system and the PHP configuration.
Steps to Reproduce:
Visit: https://xdebug.org/archives/xdebug-general/att-0782/phpinfo.htm

An attacker can obtain information such as:

  • Exact PHP version.
  • Exact OS and its version.
  • Details of the PHP configuration.
  • Internal IP addresses.
  • Server environment variables.
  • Loaded PHP extensions and their configurations, etc.

Impact
This information can help an attacker gain more information on the system. After gaining detailed information, the attacker can research known vulnerabilities for that system under review. The attacker can also use this information during the exploitation of other vulnerabilities.

Steps To Reproduce

Steps to Reproduce:
Visit: https://xdebug.org/archives/xdebug-general/att-0782/phpinfo.htm

Tags: No tags attached.
Attached Files
Xbug.png (138,177 bytes)   
Operating System:
PHP Version: 8.2.0-8.2.9

Activities

derick (administrator)   2023-09-14 14:35   ~0006649

Duplicate of #2189 and also no issue.

If you had actually had a look, and done some research, you would have found that the "information disclosure" is:

  • A static page, from 2006
  • Not running actual code
  • The "internal" IP address is "192.168.1.15/.77", which tells you nothing as you don't know on whose network that is.

There is nothing to fix here.

cheers,
Derick

Issue History

Date Modified Username Field Change
2023-09-13 09:22 diwantaha New Issue
2023-09-13 09:22 diwantaha File Added: Xbug.png
2023-09-14 14:35 derick Assigned To => derick
2023-09-14 14:35 derick Status new => resolved
2023-09-14 14:35 derick Resolution open => no change required
2023-09-14 14:35 derick Note Added: 0006649