Severity: Medium
Bug Name: PHPInfo Exposure
Website: https://daid.eu
Affected POC: https://daid.eu/info.php
Description:
Your publicly accessible PHPInfo page reveals detailed server and PHP environment configurations including installed modules, environment variables, and file paths. Attackers can leverage this data to craft targeted exploits, increasing your risk exposure.
Impact:
Exposure of sensitive system and server information.
Enables attackers to tailor attacks specifically to your environment.
Potential stepping stone for further exploitation.
Suggested Fix:
Remove or restrict access to PHPInfo pages.
Implement authentication controls or IP restrictions where access is necessary.
Regularly review exposed information and harden server configurations.
White Hat Note:
We disclose these findings to help secure your environment. Please update us once mitigated to verify and acknowledge your security improvements.
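
To support the first item under Suggested Fix, the following added example (not part of the original report) walks a web root and lists PHP files that still call phpinfo(), so they can be removed or restricted. The function names, the file-extension list and the sample tree are assumptions constructed for illustration, and the comment stripping is a heuristic.

```python
import re
import tempfile
from pathlib import Path

# A phpinfo() call; PHP function names are case-insensitive.
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)
# Heuristic: drop /* */ blocks and // or # line comments before matching.
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
# Assumed set of extensions the web server hands to PHP; adjust to your config.
PHP_SUFFIXES = {".php", ".phtml", ".inc"}


def find_phpinfo_files(docroot):
    """Return sorted paths (relative to docroot) of PHP files that call phpinfo()."""
    root = Path(docroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        source = path.read_text(encoding="utf-8", errors="replace")
        if PHPINFO_CALL.search(COMMENTS.sub("", source)):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_docroot(root):
    """Create a small constructed web root (sample data, not from the report)."""
    root = Path(root)
    (root / "admin").mkdir()
    (root / "info.php").write_text("<?php phpinfo(); ?>\n")
    (root / "admin" / "Test.PHP").write_text("<?php\nPHPInfo (INFO_MODULES);\n")
    (root / "index.php").write_text("<?php\n// phpinfo(); removed\necho 'ok';\n")
    (root / "notes.txt").write_text("phpinfo() was here\n")


def demo():
    """Scan the constructed sample tree and return the flagged files."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        return find_phpinfo_files(tmp)


if __name__ == "__main__":
    for rel in demo():
        print("review or remove:", rel)
```

Point find_phpinfo_files at the real document root to audit a server; each hit is a candidate for deletion or for the authentication and IP restrictions listed above.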