id: phpinfo-files info: name: PHPinfo Page - Detect author: pdteam,daffainfo,meme-lord,dhiyaneshDK,wabafet,mastercho severity: low description: | PHPinfo page was detected. The output of the phpinfo() command can reveal sensitive and detailed PHP environment information. remediation: Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only. classification: cwe-id: CWE-200 metadata: max-request: 25 tags: config,exposure,phpinfo http: - method: GET path: - "{{BaseURL}}{{paths}}" payloads: paths: - "/php.php" - "/php2.php" - "/phpinfo.php" - "/info.php" - "/infophp.php" - "/php_info.php" - "/test.php" - "/i.php" - "/p.php" - "/pi.php" - "/asdf.php" - "/pinfo.php" - "/phpversion.php" - "/time.php" - "/index.php" - "/temp.php" - "/old_phpinfo.php" - "/infos.php" - "/linusadmin-phpinfo.php" - "/php-info.php" - "/dashboard/phpinfo.php" - "/_profiler/phpinfo.php" - "/_profiler/phpinfo" - "/?phpinfo=1" - "/l.php?act=phpinfo" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "PHP Extension" - "PHP Version" condition: and - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '>PHP Version <\/td>([0-9.]+)' # digest: 4a0a0047304502210099232841cdc5c231ae3d676d8a93bdf005460495483757f8fc3716bc033b481a02202dacf40e940a66680b41af4802eb37a6e470d949904241b26612ba281013e422:922c64590222798bb761d5b6d8e72950