FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » php.php
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
php.php [message #24705] Tue, 10 May 2005 14:16 Go to next message
danger is currently offline  danger   Slovakia
Messages: 11
Registered: May 2005
Location: Slovakia
Karma: 0
Junior Member
what is this peace of code in php.php good for?
(I know what is it good for, I mean, why is it there?!)

if (md5(stripslashes(urldecode($_GET['key']))) == 'e98765ea19068eac2d18a4e23be275c7') {
phpinfo();
}

Re: php.php [message #24707 is a reply to message #24705] Tue, 10 May 2005 15:11 Go to previous messageGo to next message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
It is used by the authors to view the PHP configuration on servers they are trying to help diagnose problems on. At least, that is why I assume that it is there.
Re: php.php [message #24709 is a reply to message #24705] Tue, 10 May 2005 15:57 Go to previous messageGo to next message
danger is currently offline  danger   Slovakia
Messages: 11
Registered: May 2005
Location: Slovakia
Karma: 0
Junior Member
I thought so, but never seen this before in any other php products.

this peace of code is able to make feel somebody, that developers of FUDforum are people who want to get some internal server's info...
Re: php.php [message #24710 is a reply to message #24705] Tue, 10 May 2005 16:03 Go to previous messageGo to next message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
I don't know of any information that is reported by phpinfo() that can be used in a malicious manner which can't be assertained by just issuing the proper HTTP headers to the server through a telnet session.
Re: php.php [message #24735 is a reply to message #24705] Thu, 12 May 2005 21:31 Go to previous message
Ilia is currently offline  Ilia   Mexico
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
It's a debugging tool for when there is a problem, most large applications have an instance of such a file. If you can't spot it, you haven't looked hard enough.

FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: New error
Next Topic: HTML Cleanup
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 02:35:53 GMT 2024

Total time taken to generate the page: 0.02313 seconds