FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » php.php
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
php.php [message #24705] Tue, 10 May 2005 10:16 Go to next message
danger is currently offline  danger   Slovakia
Messages: 11
Registered: May 2005
Location: Slovakia
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
what is this peace of code in php.php good for?
(I know what is it good for, I mean, why is it there?!)

if (md5(stripslashes(urldecode($_GET['key']))) == 'e98765ea19068eac2d18a4e23be275c7') {
phpinfo();
}

Re: php.php [message #24707 is a reply to message #24705] Tue, 10 May 2005 11:11 Go to previous messageGo to next message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
It is used by the authors to view the PHP configuration on servers they are trying to help diagnose problems on. At least, that is why I assume that it is there.
Re: php.php [message #24709 is a reply to message #24705] Tue, 10 May 2005 11:57 Go to previous messageGo to next message
danger is currently offline  danger   Slovakia
Messages: 11
Registered: May 2005
Location: Slovakia
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
I thought so, but never seen this before in any other php products.

this peace of code is able to make feel somebody, that developers of FUDforum are people who want to get some internal server's info...
Re: php.php [message #24710 is a reply to message #24705] Tue, 10 May 2005 12:03 Go to previous messageGo to next message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
I don't know of any information that is reported by phpinfo() that can be used in a malicious manner which can't be assertained by just issuing the proper HTTP headers to the server through a telnet session.
Re: php.php [message #24735 is a reply to message #24705] Thu, 12 May 2005 17:31 Go to previous message
Ilia is currently offline  Ilia   Mexico
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
It's a debugging tool for when there is a problem, most large applications have an instance of such a file. If you can't spot it, you haven't looked hard enough.

FUDforum Core Developer
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: New error
Next Topic: HTML Cleanup
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Dec 16 21:35:52 EST 2017

Total time taken to generate the page: 0.00704 seconds