In the “information gathering” chapter of my book “
PHP-Sicherheit” and my presentations on the same topic, I usually talk about how incredibly weird stuff can end up in the source code of rather big web sites. While checking a number of sites for a specific vulnerability, I ended up finding the following stuff. I modified it so there’s no real information leakage and am currently trying to reach the respective vendors.
<!--
<table class=“debug” width=“100%”><tr><td>
<a target=“_blank” href=“/sys/admin/”>- Zur Admin-Seite</a><br>
<a target=“_blank” href=“http://someothersite.de.de/gui/”>- Styleguide</a><br>
<a target=“_blank” href=“/sys/info.php”>- Phpinfo ()</a><br>
<br>
<a href=“http://validator.w3.org/check/referer”><img border=“0” src=“http://www.w3.org/Icons/valid-html401” alt=“Valid HTML 4.01!” title=“Valid HTML 4.01!” height=“31” width=“88”></a>
</td></tr></table>
-->
Another nice one:
<!--DB-Error in Zeile 1712: DB Error: syntax error: / Layouttyp3: - / SELECT layouttyp.datei,layouttyp.name FROM layouttyp INNER JOIN teaserplatz ON teaserplatz.layouttyp_id=layouttyp.id INNER JOIN teasertyp ON easerplatz.teasertyp_id=teasertyp.id INNER JOIN dokument ON teaserplatz.dokument_id=dokument.id WHERE teaserplatz.pos=5,’erbt_layout’ AND dokument.id=14528 AND teasertyp.name=’sonder’-->
<!--Fehler: Datei /export/www/CONTENT/soim-80/docs/cms/teasermanager/teasersnippets/ nicht gefunden<br>-->
And finally:
WARNING in file e:\Daten\enid\host\htdocs\media\layout\141.php on line 227: mysql_num_rows(): supplied argument is not a valid MySQL result resource
Although it might seem obvious, I cannot stress it enough:
Remove debug code and possible PHP errors from your production sites!
