将phpinfo()暴露给最终用户可能会带来什么安全问题? [英] What security problems could come from exposing phpinfo() to end users?

问题描述

如果向最终用户显示了phpinfo()转储，那么恶意用户对该信息进行的最糟糕的处理是什么?哪些字段最不安全?也就是说，如果您的phpinfo()在公开显示后被删除，那么您应该在哪里监视/关注恶意攻击?

If a phpinfo() dump is shown to an end user, what is the worst that a malicious user could do with that information? What fields are most unsecure? That is, if your phpinfo() was publicly displayed, after taking it down, where should you watch/focus for malicious exploits?

推荐答案

了解文件系统的结构可能会让黑客在您的站点容易受到攻击的情况下执行目录遍历攻击.

Knowing the structure of your filesystem might allow hackers to execute directory traversal attacks if your site is vulnerable to them.

我认为单独暴露phpinfo()不一定有风险，但是与另一个漏洞结合使用可能会导致您的网站受到损害.

I think exposing phpinfo() on its own isn't necessarily a risk, but in combination with another vulnerability could lead to your site becoming compromised.

很显然，黑客掌握的有关您系统的信息越少越好.禁用phpinfo()不会使您的网站安全，但是会使他们的工作更困难.

Obviously, the less specific info hackers have about your system, the better. Disabling phpinfo() won't make your site secure, but will make it slightly more difficult for them.

这篇关于将phpinfo()暴露给最终用户可能会带来什么安全问题?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！