This PHP hack works on loads of sites - but not here?

dickinsd · Post by **dickinsd** » Fri Apr 01, 2005 2:29 pm

I would like to know what you did to stop this from working:

I had a post about this:

Add this to any php page ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

e.g.

http://www.rndinternet.co.uk/?=PHPE9568 ... AA001ACF42

and you get a PHP 'present'

Look at www.php.net top left where the logo is also.

But it doesn't work here, or it doesn't appear to, I was wondering if that was something Void Main had dealt with or if it is just something that phpBB has ripped out?

Dave

dickinsd · Post by **dickinsd** » Fri Apr 01, 2005 4:05 pm

Ok have been told now:

If you turn expose_php = off in the php.ini, it wont show.
The default is on, so it shows, just like you can attach a little string to show the phpinfo without actually calling phpinfo(); in a php file.

Dave

Void Main · Post by **Void Main** » Fri Apr 01, 2005 7:15 pm

Actually if you are running Red Hat or Fedora PHP RPMS this will not work even if you did have PHP "expose_php = on" (which I don't). Red Hat includes a patch to remove the Easter egg. I noticed the patch several releases back when I was making some custimizations to the stock PHP RPM. I was actually customizing the current release today (creating the php-oci8 Oracle RPM) and noticed it again right before seeing this post. Here is the patch that is still included in the current release of PHP:

http://voidmain.is-a-geek.net/files/pat ... ster.patch

HTMLified version:

http://voidmain.is-a-geek.net/files/pat ... patch.html

As you can see from the patch, there is a credits egg in there as well:

http://www.rndinternet.co.uk/?=PHPB8B5F ... 7B08C10000