The good thing about images is that JavaScript can check if they are loaded and what size they are. With this ability it is trivial to detect if PHP is running on an URL if expose_php=On.
Here is the little proof of concept:
<html><head><title>Detect PHP Version by JavaScript</title>
<script>
function fail()
{
alert("URL is not powered by PHP or expose_php=off");
}
function detect()
{
if (xxx.width == 100 && xxx.height==58) {
alert("URL is powered by PHP 4");
} else if (xxx.width == 113 && xxx.height==72) {
alert("URL is powered by PHP 5");
} else {
alert("No PHP or unknown PHP version");
}
}
</script></head>
<body>
<img
src="http://URL/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42"
onerror="fail()" name=xxx onload="detect()">
</body>
</html>
Posts
No comments:
Post a Comment