

Google Search: site:*.*/phpinfo.php - elwell
https://www.google.com/?gws_rd=ssl#q=site:*.*/phpinfo.php&start=20

======
getdavidhiggins
You can find more here: [https://www.exploit-db.com/google-hacking-
database/](https://www.exploit-db.com/google-hacking-database/) These are
called "Google Dorks" for some reason, even though there's nothing dorky about
them. Some of these are honeypots / tarpits monitoring inbound traffic, others
are actual servers which are running old versions of PHP. Frankly though if
it's public like that it often is a red flag that the webmaster has made other
bad choices with their servers...

------
yunyeng
What kind of information can hackers get from phpinfo() ?

~~~
krapp
The PHP version will tell them what unpatched vulnerabilities your apps are
likely to have.

~~~
smt88
Isn't that often in the response headers anyway?

~~~
krapp
Yeah, but you shouldn't be doing that, either.

