
Re: Information Disclosure: PHPInfo Page Accessible on (https://daid.eu



Hi Team,
I wanted to follow up on the vulnerability I submitted. I took care to follow responsible disclosure practices and ensure the report was clear and actionable.
If your team offers any form of reward or appreciation for valid reports, I’d be grateful to be considered. These gestures really encourage continued ethical research and collaboration.
Thanks again for your time.
Best Regards.

On Thu, Jun 26, 2025 at 6:34 PM WhiteHat Warden <warden.wh.hat@gmail.com> wrote:

Severity: Medium
Bug Name: PHPInfo Exposure

Website:  https://daid.eu
Affected POC: https://daid.eu/info.php

Description:
Your publicly accessible PHPInfo page reveals detailed server and PHP environment configurations including installed modules, environment variables, and file paths. Attackers can leverage this data to craft targeted exploits, increasing your risk exposure.

Impact:

  • Exposure of sensitive system and server information.

  • Enables attackers to tailor attacks specifically to your environment.

  • Potential stepping stone for further exploitation.

Suggested Fix:

  • Remove or restrict access to PHPInfo pages.

  • Implement authentication controls or IP restrictions where access is necessary.

  • Regularly review exposed information and harden server configurations.

White Hat Note:
We disclose these findings to help secure your environment. Please update us once mitigated to verify and acknowledge your security improvements.
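
A defender-side check for the first suggested fix, added here as an example and not part of the original email: it walks a web root and lists PHP files that still contain a live `phpinfo()` call, so they can be removed or access-restricted. The function names, extension list and sample file tree are constructed assumptions, and the comment stripping is a regex heuristic rather than a PHP parser.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: strip /* */, // and # comments so a commented-out call is not
# reported as live. This is not a PHP tokenizer; "//" inside a string literal
# (for example a URL) is treated as a comment start too.
_COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
# PHP function names are case-insensitive and may have whitespace before "(".
# The lookbehind skips my_phpinfo(), $phpinfo(), ->phpinfo() and ::phpinfo().
_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
_EXTS = {".php", ".phtml", ".inc"}  # assumed set of extensions served as PHP


def find_phpinfo_calls(webroot):
    """Return sorted (relative path, line number) pairs for live phpinfo() calls."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in _EXTS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        # Keep the newlines of removed comments so line numbers stay accurate.
        cleaned = _COMMENTS.sub(lambda m: "\n" * m.group(0).count("\n"), text)
        for lineno, line in enumerate(cleaned.splitlines(), 1):
            if _CALL.search(line):
                hits.append((path.relative_to(root).as_posix(), lineno))
    return sorted(hits)


def build_sample_webroot(root):
    """Constructed sample files; none of this content comes from the reported site."""
    root = Path(root)
    (root / "admin").mkdir()
    (root / "info.php").write_text("<?php\nphpinfo();\n")
    (root / "admin" / "diag.PHP").write_text(
        "<?php\n/* old\nphpinfo(); */\nPHPInfo (INFO_MODULES);\n")
    (root / "index.php").write_text("<?php\n// phpinfo();\necho 'ok';\n")
    (root / "notes.txt").write_text("phpinfo();\n")  # not a PHP file, ignored
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel_path, lineno in find_phpinfo_calls(build_sample_webroot(tmp)):
            print(f"{rel_path}:{lineno}: live phpinfo() call")
```

Run it against the real document root by calling `find_phpinfo_calls()` with that path; files it reports are candidates for deletion or for the authentication and IP restrictions listed above.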

