RPI Labs: OWASP Mutillidae II
|
Version: 2.11.14 Security Level: 0 (Hosed)
Hints: Enabled
Not Logged In
|
Home
|
Login/Register |
Toggle Hints | Toggle Security
|
Enforce TLS
|
Reset DB
|
View Log
|
View Captured Data
|
|
Secret Administrative Pages
|
Showing server configurations on pages allowed through the firewall is a bad idea.
"Hiding" pages by not linking to them so you believe you are the only one who knows
the URL doesnt work. There are tools to brute force the URL, shoulder surfing, log history,
browser history, router-firewall-proxy history, scanners, guessing and other methods can
get these URLs. or admin functions, create a second site inside the firewall to segregate
these pages from the Internet facing site. |
|
I wonder what clever name the server admin would give to a PHP page that shows server
configuration information? Hint: What is the function in PHP that dumps server configuration
information into a nice table? Enable hints if you need more help.
|
|
|
Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
PHP Version: 8.1.27 |