将 phpinfo() 暴露给最终用户会带来哪些安全问题? [英] What security problems could come from exposing phpinfo() to end users?

问题描述

如果向最终用户显示 phpinfo() 转储，恶意用户可以利用该信息做的最坏的事情是什么?哪些领域最不安全?也就是说，如果您的 phpinfo() 被公开展示，在将其删除后，您应该注意/关注哪些恶意漏洞?

If a phpinfo() dump is shown to an end user, what is the worst that a malicious user could do with that information? What fields are most unsecure? That is, if your phpinfo() was publicly displayed, after taking it down, where should you watch/focus for malicious exploits?

推荐答案

如果您的站点容易受到黑客攻击，那么了解您的文件系统的结构可能会允许黑客执行目录遍历攻击.

Knowing the structure of your filesystem might allow hackers to execute directory traversal attacks if your site is vulnerable to them.

我认为单独暴露 phpinfo() 不一定有风险，但与其他漏洞结合使用可能会导致您的网站遭到入侵.

I think exposing phpinfo() on its own isn't necessarily a risk, but in combination with another vulnerability could lead to your site becoming compromised.

显然，黑客对您的系统的具体信息越少越好.禁用 phpinfo() 不会使您的网站安全，但会使他们稍微困难一些.

Obviously, the less specific info hackers have about your system, the better. Disabling phpinfo() won't make your site secure, but will make it slightly more difficult for them.

这篇关于将 phpinfo() 暴露给最终用户会带来哪些安全问题?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！