id: phpinfo-files info: name: PHPinfo Page - Detect author: pdteam,daffainfo,meme-lord,dhiyaneshDK,wabafet severity: low description: | PHPinfo page was detected. The output of the phpinfo() command can reveal sensitive and detailed PHP environment information. remediation: Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only. classification: cwe-id: CWE-200 tags: config,exposure,phpinfo requests: - method: GET path: - "{{BaseURL}}/php.php" - "{{BaseURL}}/phpinfo.php" - "{{BaseURL}}/info.php" - "{{BaseURL}}/infophp.php" - "{{BaseURL}}/php_info.php" - "{{BaseURL}}/test.php" - "{{BaseURL}}/i.php" - "{{BaseURL}}/asdf.php" - "{{BaseURL}}/pinfo.php" - "{{BaseURL}}/phpversion.php" - "{{BaseURL}}/time.php" - "{{BaseURL}}/index.php" - "{{BaseURL}}/temp.php" - "{{BaseURL}}/old_phpinfo.php" - "{{BaseURL}}/infos.php" - "{{BaseURL}}/linusadmin-phpinfo.php" - "{{BaseURL}}/php-info.php" - "{{BaseURL}}/dashboard/phpinfo.php" - "{{BaseURL}}/_profiler/phpinfo.php" - "{{BaseURL}}/_profiler/phpinfo" - "{{BaseURL}}/?phpinfo=1" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "PHP Extension" - "PHP Version" condition: and - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '>PHP Version <\/td>([0-9.]+)' # Enhanced by md on 2023/02/22