Public php.ini

Posted: Fri Sep 07, 2007 4:03 pm
by JAB Creations

Posted: Fri Sep 07, 2007 4:50 pm
by feyd
regarding what?

Re: Public php.ini

Posted: Fri Sep 07, 2007 5:12 pm
by Ollie Saunders
JAB Creations wrote: Your thoughts?
They are ignorant of the risks associated with exposure.

Posted: Fri Sep 07, 2007 5:14 pm
by JAB Creations
Just curious as to what the initial reactions would be. I suspected this to be a security risk (probably an understatement).

Posted: Sat Sep 08, 2007 2:57 am
by onion2k
Any file with server information in it might be useful, but in the case of php.ini it doesn't really give much away. Especially if it's pretty much the default version like that one. Plus you're assuming that they're actually using that ini file. The fact it's there doesn't mean it's the one the server is configured to use.

Posted: Sat Sep 08, 2007 7:28 am
by superdezign
The only danger of showing the php.ini file is if they have a bad configuration that can be exploited. Either way, someone would possibly notice eventually.

Posted: Mon Sep 10, 2007 9:44 am
by Jenk
That doesn't look like the usual php.ini format?

Posted: Mon Sep 10, 2007 10:43 am
by RobertGonzalez
I think their server is having problems, because you get a directory listing when you hit the base URI --> http://www.todaystechnews.com/

Anyway, that php.ini looks to be a plain Jane php.ini file with only minor modifications. It looks to be an example file that some site may be using as a 'look for a file that looks something like this' type of thing.

EDIT | Actually, looking at the directory listing I would venture to say that the site is being hosted by a host that allows PHP 4 and 5 on the same machine and allows each virtual host to be able to manage their own PHP ini file. Or something of that nature. The funny thing is that the site is hosted on an Apache server and the index page in that directory listing is default.html, something commonly associated with an IIS type of server (whereas Apache typically uses index.html). Anyway, I think it might be a new site with some setup issues that will be resolved eventually.