从phpinfo中能获取哪些敏感信息

  • 内容
  • 相关

phpinfo()想必的最熟悉的了,在搭建环境之后都会随后写一个 phpinfo()来测试环境是否正常,很多人测试完毕忘记删除就开始部署环境了,这就造成了一些敏感信息的泄漏。那么我们能从 phpinfo()中获得哪些敏感信息呢?php 版本这种就不用说了,来看一下泄漏了哪些比较敏感的信息。 
一、绝对路径(_SERVER[“SCRIPT_FILENAME”])
这个是最常用,也是最有效的一个办法,找到 phpinfo()页面可以直接找到网站的绝对路径,对于写 shell 和信息搜集是必不可少的。

二、支持的程序
可以通过 phpinfo()查看一些特殊的程序服务,比如 redis、memcache、mysql、SMTP、curl 等等如果服务器装了 redis 或者 memcache 可以通过 ssrf 来 getshell 了,在 discuz 中都出现过此类问题。如果确定装了 redis 或 memcache 的话,在没有思路的情况下,可以着重找一下 ssrf

三、泄漏真实 ip(_SERVER[“SERVER_ADDR”]或 SERVER_ADDR)
有时候通过 phpinfo()泄漏的 ip 可以查查旁站、c 段什么的,直接无视 cdn,百事不灵。

四、GOPHER
也算是 ssrf 一部分吧,或者说主要靠 ssrf 利用起来,如果支持 gopher,ssrf 便没有压力咯

五、fastcgi
查看是否开启 fastcgi 和 fastcgi 的版本,可能导致解析漏洞、远程命令执行、任意文件读取等问题

六、泄漏缓存文件地址(_FILES[“file1”])

向 phpinfo() post 一个 shell 可以在_FILES[“file1”]中看到上传的临时文件,如果有个 lfi,便可以直接 getshell 了。

Image

七、一些敏感配置

allow_url_include、allow_url_fopen、disable_functions、open_basedir、short_open_tag 等等比如 allow_url_include 可用来远程文件包含、disable_functions 用来查看禁用函数,绕过执行、查看是否开启 open_basedir,用 p 牛的绕过 open_basedir 的方法有可能能读一些没权限的目录等等。此外还能获取一些环境信息,比如 Environment 中的 path、log 等

本文标签:

版权声明:若无特殊注明,本文皆为《舜哥哥吖》原创,转载请保留文章出处。

本文链接:从phpinfo中能获取哪些敏感信息 - https://www.shungg.cn/post/164

发表评论

电子邮件地址不会被公开。 必填项已用*标注

评论

5条评论
  1. avatar

    안전한 놀이터 Lv.1 Safari 11.1.1 Safari 11.1.1 Mac OS X 10.11.6 Mac OS X 10.11.6 回复

    I think that what you posted made a ton of sense.
    However, what about this? suppose you wrote a catchier post title?
    I am not suggesting your content isn't good, but what if you added
    a post title to possibly grab people's attention? I mean 从phpinfo中能获取哪些敏感信息 is kinda
    boring. You could peek at Yahoo's front page
    and see how they create news headlines to get viewers to click.
    You might add a video or a related picture or two to get readers
    excited about what you've got to say. Just
    my opinion, it could bring your blog a little bit more interesting.

    美国 CloudFlare公司CDN节点

    1. avatar

      Geneva Jiminez Lv.1 Chrome 64.0.3282.186 Chrome 64.0.3282.186 Fedora x64 Fedora x64 回复

      ATT: shungg.cn / Shun's Blog - 致力于关注黑客技术、网络安全、WEB安全。-Shun's Blog - 专注于网络安全,WEB安全,漏洞发布,渗透技术,黑客攻防,攻防演练,是一个综合性黑客技术分享交流博客。 SITE SOLUTIONS
      This notice RUNS OUT ON: Sep 13, 2020


      We have actually not received a payment from you.
      We  have actually attempted to call you however were unable to contact you.


      Kindly Go To:  https://bit.ly/3bNf5j3 .

      For information and also to process a optional payment for solutions.



      09132020004426.

      美国 CloudFlare公司CDN节点

      1. avatar

        Situs Judi Slot Lv.1 Firefox 56.0 Firefox 56.0 Ubuntu Ubuntu 回复

        I think everything said made a ton of sense. But, what about
        this? what if you were to create a killer post title? I mean, I don't want to tell you how to run your blog, however what if you added
        a headline to maybe get a person's attention? I mean 从phpinfo中能获取哪些敏感信息 is a little plain. You should look at
        Yahoo's front page and note how they write post headlines
        to grab viewers to click. You might try adding a video or a picture or two to get people excited about everything've written. Just my opinion, it might make your posts a little livelier.

        美国 CloudFlare公司CDN节点

        1. avatar

          香港约炮 Lv.1 Firefox 53.0 Firefox 53.0 Windows 8 x64 Edition Windows 8 x64 Edition 回复

          Thanks for finally talking about >从phpinfo中能获取哪些敏感信息 <Liked it!

          美国 CloudFlare公司CDN节点

          1. avatar

            https://dewalego.com Lv.1 Chrome 67.0.3396.87 Chrome 67.0.3396.87 Windows 7 x64 Edition Windows 7 x64 Edition 回复

            Thаnks foor sharing үоur thougһtѕ about 关注网络安全.
            RegarԀs

            世界 美国加州三藩CloudFlare公司AS13335任播网络CDN全球节点(CLOUDFLARENET)(WorldAnyCast)