[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)
Gossi The Dog
gossi at lab6.com
Wed Sep 25 12:13:27 BST 2002
On Wed, 25 Sep 2002, Ka wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At Mittwoch, 25. September 2002 01:55 Rossen wrote:
> > Fortunately phpinfo() is disabled in safe mode,
> > which is a must for a "production server".
>
> Good idea. But this is not happening on apache
> mod_php4 or am I missing something?
>
> - ------------ output from phpinfo() ----------
> PHP Version 4.0.6
> ...
> Directive Local Value Master Value
> ...
> safe_mode On On
> - ---------------------------------------------
I've checked this with PHP4 too, and get the same behaviour. I presume
phpinfo() can be disabled somewhere in the conf files for safe mode. Is
it by default, one wonders.
Full-Disclosure is hosted and sponsored by Secunia.