Description
This plugin searches for the PHP Info file in all the directories and subdirectories that are sent as input and if it finds it will try to determine the version of the PHP. The PHP Info file holds information about the PHP and the system (version, environment, modules, extensions, compilation options, etc). For example, if the input is:
- http://localhost/w3af/index.php
The plugin will perform these requests:
- http://localhost/w3af/phpinfo.php
- http://localhost/phpinfo.php
- …
- http://localhost/test.php?mode=phpinfo
Once the phpinfo(); file is found the plugin also checks for probably insecure php settings and reports findings.
Plugin type
Options
This plugin doesn’t have any user configured options.
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.