2.6 Million Domains and ~45,000 Exposed Phpinfo() Later… the Story of Unprotected Phpinfo()
by @sdcat
2,464 reads

by sdcat | 4m | December 2nd, 2022

Too Long; Didn't Read

I scanned 2.6 million domains for exposed phpinfo files. The discoveries were shocking: many outdated PHP, server or module versions, many PHP settings that are unsafe for production systems, and quite a lot of sensitive information exposed through phpinfo, like database credentials, email accounts, API secrets, access to cloud services or private keys.
