Tip of the Day: phpinfo(), Code That Shouldn't Be Shown to the Public

I notice that most programmers love to call phpinfo() on an info.php or info.html page. But they do not know that exposing such information may leave them vulnerable to attackers. Some even have it in Apache's default DocumentRoot.

If you would like to use phpinfo(), it is advisable to use a random name for the PHP file, for example infoxxxxx.php, noinfo123123aa.php, or testinfo123213.php. Besides that, you can remove the code immediately after you have got what you want.
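
To confirm that no phpinfo() page has been left behind after use, the DocumentRoot can be checked on disk, where a random file name makes no difference. The Python script below is an added example, not code from the original post; the extension list, the comment heuristic and the sample files it builds are assumptions made for the demonstration.

```python
import os
import re
import tempfile

# Extensions to inspect; .html is included because the post mentions info.html,
# which only runs PHP if the server is configured to parse it (assumption).
PHP_EXTENSIONS = {".php", ".phtml", ".html"}
# phpinfo( as a plain function call; PHP function names are case-insensitive.
# The lookbehind skips my_phpinfo(, $phpinfo(, ->phpinfo( and ::phpinfo(.
PHPINFO_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
COMMENT_PREFIXES = ("//", "#", "*", "/*")


def find_phpinfo_calls(docroot):
    """Return sorted (relative_path, line_number) pairs for phpinfo() calls."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PHP_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in enumerate(handle, start=1):
                    # Heuristic: ignore lines that are wholly a comment.
                    if line.lstrip().startswith(COMMENT_PREFIXES):
                        continue
                    if PHPINFO_CALL.search(line):
                        findings.append((os.path.relpath(path, docroot), number))
    return sorted(findings)


def build_sample_docroot():
    """Create a constructed DocumentRoot for the demonstration."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "info.php": "<?php\nphpinfo();\n",
        "testinfo123213.php": "<?php\n  PhpInfo(INFO_GENERAL);\n",
        "index.php": "<?php\n// phpinfo();\necho my_phpinfo();\n$o->phpinfo();\n",
        "notes.txt": "phpinfo();\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as handle:
            handle.write(body)
    return root


if __name__ == "__main__":
    for rel_path, line_number in find_phpinfo_calls(build_sample_docroot()):
        print(f"{rel_path}:{line_number}: phpinfo() call")
```

Pointing `find_phpinfo_calls` at a real DocumentRoot lists every file and line that still needs the call removed.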
