| Webmaster-Security: Questions about correct server configuration or securing dynamic scripts belong here. |
Discussion: phpinfo - which holes are there? in the Webmaster-Security forum, Security Area category
| | #1 (permalink) |
| Registered since: 17.08.08 Likes: 0 | Hello everyone! I would like to know which holes there still are in the phpinfo; since I'm no pro at this, I would be very glad of any help. Here is the phpinfo: |

Code:
```
PHP Version 4.4.8
System Windows NT P158 5.2 build 3790
Build Date Feb 12 2008 05:01:56
Server API Apache 2.0 Handler
Virtual Directory Support enabled
Configuration File (php.ini) Path C:\xampp\apache\bin\php.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20050606
Debug Build no
Zend Memory Manager enabled
Thread Safety enabled
Registered PHP Streams php, http, ftp, compress.zlib

This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

--------------------------------------------------------------------------------
PHP Credits
--------------------------------------------------------------------------------
Configuration

PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_prepend_file no value no value
browscap C:\xampp\php\browscap\browscap.ini C:\xampp\php\browscap\browscap.ini
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 2039 2039
expose_php On On
extension_dir C:\xampp\php\extensions\ C:\xampp\php\extensions\
file_uploads On On
gpc_order GPC GPC
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .;C:\xampp\php\pear\ .;C:\xampp\php\pear\
log_errors Off Off
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
max_execution_time 60 60
max_input_nesting_level 500 500
max_input_time 60 60
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 16M 16M
precision 12 12
register_argc_argv On On
register_globals Off Off
report_memleaks On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path no value no value
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 16M 16M
upload_tmp_dir C:\xampp\tmp C:\xampp\tmp
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On

bcmath
BCMath support enabled

calendar
Calendar support enabled

com
Directive Local Value Master Value
com.allow_dcom Off Off
com.autoregister_casesensitive On On
com.autoregister_typelib Off Off
com.autoregister_verbose Off Off
com.typelib_file no value no value

ctype
ctype functions enabled

ftp
FTP support enabled

gd
GD Support enabled
GD Version bundled (2.0.28 compatible)
FreeType Support enabled
FreeType Linkage with freetype
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled

gettext
GetText Support enabled

hyperwave
Hyperwave Support enabled
HG-CSP Version 7.17
Directive Local Value Master Value
hyperwave.allow_persistent 0 0
hyperwave.default_port 418 418

imap
IMAP c-Client Version 2004
SSL Support enabled

mbstring
Multibyte Support enabled
Japanese support enabled
Simplified chinese support enabled
Traditional chinese support enabled
Korean support enabled
Russian support enabled
Multibyte (japanese) regex support enabled
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.substitute_character no value no value

mime_magic
mime_magic support enabled
Directive Local Value Master Value
mime_magic.magicfile C:\xampp\php\extras\magic.mime C:\xampp\php\extras\magic.mime

ming
Ming SWF output library enabled
Version 0.3beta1

mssql
MSSQL Support enabled
Active Persistent Links 0
Active Links 0
Library version 7.0
Directive Local Value Master Value
mssql.allow_persistent On On
mssql.batchsize 0 0
mssql.compatability_mode Off Off
mssql.connect_timeout 5 5
mssql.datetimeconvert On On
mssql.max_links Unlimited Unlimited
mssql.max_persistent Unlimited Unlimited
mssql.max_procs Unlimited Unlimited
mssql.min_error_severity 10 10
mssql.min_message_severity 10 10
mssql.secure_connection Off Off
mssql.textlimit Server default Server default
mssql.textsize Server default Server default
mssql.timeout 60 60

mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 3.23.49
Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off

odbc
ODBC Support enabled
Active Persistent Links 0
Active Links 0
ODBC library Win32
Directive Local Value Master Value
odbc.allow_persistent On On
odbc.check_persistent On On
odbc.default_db no value no value
odbc.default_pw no value no value
odbc.default_user no value no value
odbc.defaultbinmode return as is return as is
odbc.defaultlrl return up to 4096 bytes return up to 4096 bytes
odbc.max_links Unlimited Unlimited
odbc.max_persistent Unlimited Unlimited

openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8e 23 Feb 2007

overload
User-Space Object Overloading Support enabled

pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 7.0 18-Dec-2006

pdf
PDF Support enabled
PDFlib GmbH Version 5.0.3
Revision $Revision: 1.112.2.11.2.3 $

session
Session Support enabled
Registered save handlers files user
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path C:\xampp\tmp C:\xampp\tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

sockets
Sockets Support enabled

standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Internal Sendmail Support for Windows enabled
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=,fieldset= a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent no value no value

tokenizer
Tokenizer Support enabled

wddx
WDDX Support enabled
WDDX Session Serializer enabled

xml
XML Support active
XML Namespace Support active
EXPAT Version 1.95.6

xmlrpc
core library version xmlrpc-epi v. 0.51
php extension version 0.51
author Dan Libby
homepage http://xmlrpc-epi.sourceforge.net
open sourced by Epinions.com

xslt
XSLT support enabled
Backend Sablotron
Sablotron Version 1.0

zip
Zip support enabled

zlib
ZLib Support enabled
Compiled Version 1.2.3
Linked Version 1.2.3
Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value

Additional Modules
Module Name

Environment
Variable Value
ALLUSERSPROFILE C:\Documents and Settings\All Users
APPDATA C:\Documents and Settings\Administrator\Application Data
CLIENTNAME ****
CommonProgramFiles C:\Program Files\Common Files
COMPUTERNAME P158
ComSpec C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK NO
HOMEDRIVE C:
HOMEPATH \Documents and Settings\Administrator
LOGONSERVER \\P158
NUMBER_OF_PROCESSORS 2
OS Windows_NT
Path C:\PROGRA~1\SWsoft\Plesk\ADDITI~1\Perl\bin\;C:\Program Files\SWsoft\Plesk\Mail Servers\Mail Enable\BIN;C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE x86
PROCESSOR_IDENTIFIER x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL 15
PROCESSOR_REVISION 4302
ProgramFiles C:\Program Files
SESSIONNAME RDP-Tcp#1
SystemDrive C:
SystemRoot C:\WINDOWS
TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1
TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1
USERDOMAIN P158
USERNAME Administrator
USERPROFILE C:\Documents and Settings\Administrator
windir C:\WINDOWS
AP_PARENT_PID 3144

PHP Variables
Variable Value
_SERVER["AuthDigestEnableQueryStringHack"] On
_SERVER["HTTP_ACCEPT"] image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
_SERVER["HTTP_ACCEPT_LANGUAGE"] de-at
_SERVER["HTTP_ACCEPT_ENCODING"] gzip, deflate
_SERVER["HTTP_USER_AGENT"] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
_SERVER["HTTP_HOST"] www.****.de
_SERVER["HTTP_CONNECTION"] Keep-Alive
_SERVER["PATH"] C:\\PROGRA~1\\SWsoft\\Plesk\\ADDITI~1\\Perl\\bin\\;C:\\Program Files\\SWsoft\\Plesk\\Mail Servers\\Mail Enable\\BIN;C:\\Perl\\bin\\;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem
_SERVER["SystemRoot"] C:\\WINDOWS
_SERVER["COMSPEC"] C:\\WINDOWS\\system32\\cmd.exe
_SERVER["PATHEXT"] .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
_SERVER["WINDIR"] C:\\WINDOWS
_SERVER["SERVER_SIGNATURE"] <address>Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/4.4.8 Server at www.****.de Port 80</address>
_SERVER["SERVER_SOFTWARE"] Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/4.4.8
_SERVER["SERVER_NAME"] www.****.de
_SERVER["SERVER_ADDR"] ****
_SERVER["SERVER_PORT"] 80
_SERVER["REMOTE_ADDR"] ****
_SERVER["DOCUMENT_ROOT"] C:/xampp/htdocs
_SERVER["SERVER_ADMIN"] admin@localhost
_SERVER["SCRIPT_FILENAME"] C:/xampp/htdocs/phpinfo.php
_SERVER["REMOTE_PORT"] 2054
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["REQUEST_METHOD"] GET
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["PHP_SELF"] /phpinfo.php
_SERVER["PATH_TRANSLATED"] C:/xampp/htdocs/phpinfo.php
_SERVER["argv"] Array ( )
_SERVER["argc"] 0
_ENV["ALLUSERSPROFILE"] C:\\Documents and Settings\\All Users
_ENV["APPDATA"] C:\\Documents and Settings\\Administrator\\Application Data
_ENV["CLIENTNAME"] ****
_ENV["CommonProgramFiles"] C:\\Program Files\\Common Files
_ENV["COMPUTERNAME"] P158
_ENV["ComSpec"] C:\\WINDOWS\\system32\\cmd.exe
_ENV["FP_NO_HOST_CHECK"] NO
_ENV["HOMEDRIVE"] C:
_ENV["HOMEPATH"] \\Documents and Settings\\Administrator
_ENV["LOGONSERVER"] \\\\P158
_ENV["NUMBER_OF_PROCESSORS"] 2
_ENV["OS"] Windows_NT
_ENV["Path"] C:\\PROGRA~1\\SWsoft\\Plesk\\ADDITI~1\\Perl\\bin\\;C:\\Program Files\\SWsoft\\Plesk\\Mail Servers\\Mail Enable\\BIN;C:\\Perl\\bin\\;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem
_ENV["PATHEXT"] .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
_ENV["PROCESSOR_ARCHITECTURE"] x86
_ENV["PROCESSOR_IDENTIFIER"] x86 Family 15 Model 67 Stepping 2, AuthenticAMD
_ENV["PROCESSOR_LEVEL"] 15
_ENV["PROCESSOR_REVISION"] 4302
_ENV["ProgramFiles"] C:\\Program Files
_ENV["SESSIONNAME"] RDP-Tcp#1
_ENV["SystemDrive"] C:
_ENV["SystemRoot"] C:\\WINDOWS
_ENV["TEMP"] C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\1
_ENV["TMP"] C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\1
_ENV["USERDOMAIN"] P158
_ENV["USERNAME"] Administrator
_ENV["USERPROFILE"] C:\\Documents and Settings\\Administrator
_ENV["windir"] C:\\WINDOWS
_ENV["AP_PARENT_PID"] 3144
```
| | |
| | #2 (permalink) |
| Registered since: 06.01.07 Likes: 0 | 1. Please use the code and spoiler tags. 2. There is more than enough information on this via Google, etc. Just take a look at the phpinfo() of various hosters, e.g. funpic - Regards, Keks |
| | |
| | #3 (permalink) |
| Moderator Registered since: 30.03.04 Likes: 14 | Hello, the answer is simple: Configuration File (php.ini) Path C:\xampp\apache\bin\php.ini XAMPP is intended exclusively for development purposes and should not be used in a production environment. So if you need a secure web server, install e.g. Debian, Apache, PHP with Suhosin, and MySQL. However, you still need a great deal of experience in configuring Debian, Apache, PHP and MySQL to get a halfway secure server. Conclusion: Keep your hands off it and rent webspace somewhere. |
| | |
| | #4 (permalink) | |
| Member of Honour | Quote:
and this line: Code: _SERVER["SERVER_NAME"] www.****.de Furthermore: Who still offers webspace with only PHP4 these days? PHP4 is AFAIK not really supported any more... another new version came out in August (php4.4.9) in which a few more security problems were fixed, but at the moment PHP 5.3 is out as a beta and PHP6 is getting ever closer... besides, object-oriented programming with PHP4 is simply awful, because it is immature... On the configuration:
one more tip for you: http://phpsec.org/projects/phpsecinfo/index.html | |
| | |
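A check in the spirit of the phpsecinfo tool linked in post #4, added here as an example; it is not part of the thread and not phpsecinfo's own code. It reads directive rows in the flattened "name local master" form of the dump in post #1 and reports local values that differ from common production hardening; the rule set and the names `RULES`, `split_row` and `audit` are assumptions of this example.

```python
# Constructed sample: directive rows as they appear in the phpinfo dump in
# post #1, in its flattened "name local master" form.
SAMPLE = """\
allow_url_fopen On On
display_errors On On
enable_dl On On
expose_php On On
log_errors Off Off
open_basedir no value no value
register_globals Off Off
session.use_only_cookies Off Off
"""

# directive -> (local value to flag, why). Assumed rule set for this example,
# not phpsecinfo's own test list.
RULES = {
    "allow_url_fopen": ("On", "remote URLs usable in fopen()/include() on PHP 4"),
    "display_errors": ("On", "error messages disclose paths and queries"),
    "enable_dl": ("On", "dl() lets scripts load extensions at runtime"),
    "expose_php": ("On", "PHP version advertised in the X-Powered-By header"),
    "log_errors": ("Off", "errors are not written to a log"),
    "open_basedir": ("no value", "no limit on which paths scripts may open"),
    "register_globals": ("On", "request parameters become global variables"),
    "session.use_only_cookies": ("Off", "session IDs accepted from the URL"),
}

def split_row(line):
    """Split 'name local master'; the local value is one token or 'no value'."""
    tokens = line.split()
    if len(tokens) < 3:
        return None
    name, rest = tokens[0], tokens[1:]
    take = 2 if rest[:2] == ["no", "value"] else 1
    if len(rest) <= take:
        return None
    return name, " ".join(rest[:take]), " ".join(rest[take:])

def audit(text):
    """Return (directive, local value, reason) for every flagged local value."""
    findings = []
    for row in filter(None, map(split_row, text.splitlines())):
        name, local, _master = row
        if name in RULES and local == RULES[name][0]:
            findings.append((name, local, RULES[name][1]))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(SAMPLE):
        print(f"{name} = {value}: {reason}")
```

The local value is the one audited because it is the setting in effect for the script that produced the dump; the master value only shows what php.ini sets globally.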