PHP Easter Eggs

dragoneye_xp

dragoneye_xp

New Member
Messages
330
Reaction score
0
Points
0
...
If you add the code "?=PHPE9568F36-D428-11d2-A769-00AA001ACF42" (without quotes) to the end of any URL that is a PHP page, you will see a funny picture on most servers. Also on April 1st (April Fool's Day), the picture will replace the PHP logo on any phpinfo() page. If the PHP directive expose_php is set to be "off" in php.ini, then the PHP eggs will not show, but it is "on" by default, and many servers do not change it.
...
These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or page:

(1) ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
...displays an "easter egg" image of either a rabbit in a house, a brown dog in the grass, a black Scottish Terrier dog, or a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus.
...
(2) ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
This is used by the phpinfo function to display the PHP logo, but works on other PHP pages.

(3) ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
This is used by the phpinfo() function to display the Zend logo, but also works on other PHP-parsed pages.

(4) ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
This displays the PHP development credits, and is linked to from any phpinfo() page with text "PHP Credits".
Click to expand...

I read this then tried doing that on some random sites and sure enough, it worked! It even does it on my desktop server.
But personally, I think that's just an exploit waiting to happen...
 
Last edited:
lambada

lambada

New Member
Messages
2,444
Reaction score
0
Points
0
That is cool. hmmm..... I wonder if there are any otehr easter eggs?
 
Cynical

Cynical

Active Member
Messages
3,492
Reaction score
0
Points
36
How could somebody exploit that? The PHP interpreter simply checks for the code, then generates the image accordingly. I don't see how someone could exploit something like this....
 
Richard

Richard

Active Member
Messages
2,028
Reaction score
0
Points
36
There is nothing to exploit, the images are base64 encoded into php the same way images are put into any other program you run now days. Having phpinfo() readable to the entire world is more dangerous.
 
You must log in or register to reply here.
Top