PHP Easter Eggs Enabled
Affected IPs:
PHP has several known "easter eggs" which are packaged with PHP versions prior to 5.5. There are four strings which can be appended to any PHP script to display logos and developer credits. While these easter eggs do not disclose particularly sensitive information, they can be used by an attacker to profile the version of PHP installed and fine-tune future attacks.
Below is a summary of the easter eggs identified:
1) PHP Credits: A display of credits for the PHP developer team.
?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
2) PHP Version Logo: A logo which varies between versions of PHP.
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
3) Zend Logo: A logo of the Zend framework.
?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
4) PHP Logo: A logo for the PHP framework.
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
Remediation
Virtue Security recommends that Acme Bank remove PHP easter eggs. This can be accomplished by setting the expose_php directive in php.ini to “Off”. Disabling expose_php will also remove the PHP version from the ‘X-Powered-By’ HTTP header.
To do this, locate the php.ini configuration file and find the expose_php directive. Ensure the value is set to "Off" as shown below:
expose_php = Off
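The following script is an added example for verifying the remediation; it is not part of the original finding or of PHP. It takes the four easter-egg query strings listed above, checks each response for a served logo or credits page, and checks the X-Powered-By header that expose_php also controls. The classifier works on captured headers and bodies so it can be exercised offline against the constructed samples embedded below; check_server() performs the same classification against a live URL. The detection heuristics (an image Content-Type or a "PHP Credits" title meaning the egg is still enabled) and the sample header value PHP/5.3.3 are assumptions made for the example.

```python
"""Verify that a PHP host no longer serves the easter eggs or the
X-Powered-By version header after setting expose_php = Off.

Added example, not code from the original finding. The response
classifier runs on captured headers/bodies so it works offline;
check_server() performs live requests against the URL given.
"""
import sys
import urllib.error
import urllib.request

# The four easter-egg query strings from the finding (appended as '?=<guid>').
EASTER_EGGS = {
    "php_credits": "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000",
    "php_logo": "PHPE9568F34-D428-11d2-A769-00AA001ACF42",
    "zend_logo": "PHPE9568F35-D428-11d2-A769-00AA001ACF42",
    "version_logo": "PHPE9568F36-D428-11d2-A769-00AA001ACF42",
}


def egg_url(base_url: str, egg: str) -> str:
    """Build the probe URL for one easter egg by appending '?=<guid>'."""
    return f"{base_url}?={EASTER_EGGS[egg]}"


def classify_response(headers: dict, body: bytes) -> dict:
    """Decide from one captured HTTP response whether PHP is still disclosed.

    Heuristics (assumptions, not from the original page): a normal PHP page
    answers the easter-egg query with text/html, whereas an enabled egg
    returns an image (the logos) or an HTML page titled 'PHP Credits'.
    An X-Powered-By header mentioning PHP means expose_php is still On.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    powered_by = lowered.get("x-powered-by", "")
    content_type = lowered.get("content-type", "").lower()
    egg_served = content_type.startswith("image/") or b"PHP Credits" in body
    header_leak = "php" in powered_by.lower()
    return {
        "version_header": powered_by if header_leak else None,
        "egg_served": egg_served,
        "remediated": not egg_served and not header_leak,
    }


def check_server(base_url: str, timeout: float = 5.0) -> dict:
    """Request every easter egg from base_url and classify each response."""
    results = {}
    for name in EASTER_EGGS:
        req = urllib.request.Request(
            egg_url(base_url, name), headers={"User-Agent": "expose_php-check"}
        )
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[name] = classify_response(dict(resp.headers), resp.read())
        except urllib.error.URLError as exc:
            results[name] = {"error": str(exc)}
    return results


# Constructed sample responses (not captured from a real host).
SAMPLE_EXPOSED = (
    {"Content-Type": "image/gif", "X-Powered-By": "PHP/5.3.3"},
    b"GIF89a...",
)
SAMPLE_FIXED = (
    {"Content-Type": "text/html; charset=UTF-8"},
    b"<html><body>Welcome</body></html>",
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check: python expose_php_check.py http://host/index.php
        for name, verdict in check_server(sys.argv[1]).items():
            print(name, verdict)
    else:
        print("exposed:", classify_response(*SAMPLE_EXPOSED))
        print("fixed:  ", classify_response(*SAMPLE_FIXED))
```

Run it with no arguments to see the two constructed samples classified, or pass the URL of a PHP script on the remediated host to check all four eggs live. On the server itself, `php -i | grep expose_php` confirms the effective setting once the web server has been restarted to pick up the php.ini change.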
It is also recommended that the version of PHP be upgraded to the latest stable version. At the time of this writing the latest stable version is 5.5.11 and is available at the following URL: http://php.net/downloads.php