phpinfo() is a built-in PHP function that outputs the interpreter's configuration. It prints PHP compilation options, loaded PHP extensions, operating system details, the PHP license and a great deal of other sensitive information. The function was introduced so that developers could read the configuration details and predefined variables of a given system, and it serves as a debugging tool because it gathers everything a developer would want to know about the server in one page. If a developer places a call to phpinfo() in a file under the webroot, such as index.php, the server's configuration settings become viewable in a browser.
For an attacker, the information printed by phpinfo() is highly valuable: it lets them plan an attack efficiently. Because the output reveals the exact PHP version, an attacker can look up the known vulnerabilities of that version. An attacker who gets hold of the phpinfo() output has a much easier path to compromising the web application.
Some methods also related to phpinfo
The following code is a successful implementation of phpinfo().
<?php
// Renders the full configuration page to anyone who can request this file.
phpinfo();
?>
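As an added example (not code from the original page or from Beagle), the same endpoint rewritten to deny by default: phpinfo() renders only when an opt-in environment variable is set and the client address is on an allow-list. The variable name PHPINFO_ENABLED and the allow-listed ranges are assumptions chosen for this example.

```php
<?php
// Added example, not from the original page: a phpinfo() endpoint that refuses to
// render unless an explicit opt-in flag is set AND the client is on an allow-list.
declare(strict_types=1);

/** True if IPv4 $ip lies inside $cidr, e.g. "10.0.0.0/8"; a bare host means /32. */
function ipInCidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false) {
        return false;                       // malformed address: treat as not trusted
    }
    $bits = (int) $bits;
    if ($bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (-1 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

/** Decide whether this request may see phpinfo(): opt-in flag AND trusted client. */
function phpinfoAllowed(array $env, string $remoteAddr, array $allowedCidrs): bool
{
    if (($env['PHPINFO_ENABLED'] ?? '') !== '1') {
        return false;                       // default-deny: nothing is shown unless enabled
    }
    foreach ($allowedCidrs as $cidr) {
        if (ipInCidr($remoteAddr, $cidr)) {
            return true;
        }
    }
    return false;
}

// Assumption: loopback and the 10.0.0.0/8 admin network are the only trusted sources.
$allowedCidrs = ['127.0.0.1', '10.0.0.0/8'];

// REMOTE_ADDR is set by the web server, not by the client, so it is safe to trust here;
// do not substitute X-Forwarded-For unless a trusted proxy rewrites it.
if (phpinfoAllowed(getenv(), $_SERVER['REMOTE_ADDR'] ?? '', $allowedCidrs)) {
    phpinfo();
} else {
    http_response_code(404);                // behave like a missing page, not a forbidden one
    exit;
}
```

On production hosts the function is better disabled outright with `disable_functions = phpinfo` in php.ini and any test files removed from the webroot; the guard above is for staging systems where developers still need the output.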
The impacts include:
Using this vulnerability, the attacker can also
Beagle recommends the following fixes: