Hi Team, I wanted to follow up on the vulnerability I submitted. I took care to follow responsible disclosure practices and ensure the report was clear and actionable. If your team offers any form of reward or appreciation for valid reports, I’d be grateful to be considered. These gestures really encourage continued ethical research and collaboration. Thanks again for your time. Best Regards.
On Thu, Jun 26, 2025 at 6:34 PM WhiteHat Warden <[email protected]> wrote: > *Severity:* Medium > *Bug Name:* PHPInfo Exposure > > *Website:* <https://daid.eu>https://daid.eu > *Affected POC:* https://daid.eu/info.php > > *Description:* > Your publicly accessible PHPInfo page reveals detailed server and PHP > environment configurations including installed modules, environment > variables, and file paths. Attackers can leverage this data to craft > targeted exploits, increasing your risk exposure. > > *Impact:* > > - > > Exposure of sensitive system and server information. > - > > Enables attackers to tailor attacks specifically to your environment. > - > > Potential stepping stone for further exploitation. > > *Suggested Fix:* > > - > > Remove or restrict access to PHPInfo pages. > - > > Implement authentication controls or IP restrictions where access is > necessary. > - > > Regularly review exposed information and harden server configurations. > > *White Hat Note:* > We disclose these findings to help secure your environment. Please update > us once mitigated to verify and acknowledge your security improvements. >
