Public php.ini

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Public php.ini

Post by JAB Creations »

User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

regarding what?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Re: Public php.ini

Post by Ollie Saunders »

JAB Creations wrote:Your thoughts?
They are ignorant of the risks associated with exposure.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Post by JAB Creations »

Just curious to what the initial reactions. I suspected this to be a security risk (probably an understatement).
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Any file with server information in it might be useful, but in the case of php.ini it doesn't really give much away. Especially if it's pretty much the default version like that one. Plus you're assuming that they're actually using that ini file. The fact it's there doesn't mean it's the one the server is configured to use.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

The only danger of showing the php.ini file is if they have a bad configuration that can be exploited. Either way, someone would possibly notice eventually.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

That doesn't look like the usual php.ini format?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I think their server is having problems, because you get a directory listing when you hit the base URI --> http://www.todaystechnews.com/

Anyway, that php.ini looks to be a plain jane php.ini file with only minor modifications. It looks to be an example file that some site may be using as a 'look for a file that looks something like this' type of thing.

EDIT | Actually, looking at the directory listing I would venture to say that the site is being hosted by a host that allows PHP 4 and 5 on the same machine and allows each virtual host to be able to manage their own PHP ini file. Or something of that nature. The funny thing is that the site is hosted on an Apache server and the index page in that directory listing is default.html, something commonly associated with an IIS type of server (whereas Apache typically uses index.html). Anyway, I think it might be a new site with some set up issues that will be resolved eventually.
Post Reply