From d50c58dcc1b3eace3077aae4d05155354e4e904a Mon Sep 17 00:00:00 2001 From: robert Date: Sun, 30 Jan 2011 11:15:48 +0000 Subject: [PATCH] Force a match against "^PHP/" (i.e. now with a trailing forward slash) to prevent the "Version from header" from incorrectly matching against the Set-Cookie header with the value "PHPSESSID". This should match PHP/2.x onwards; I'm not sure about earlier versions of PHP as I can't find any references. This will no longer match against the generic "X-Powered-By: PHP" (rare?), but that never gave us a version number anyway, so you could consider that a bug too. We don't currently check for variations such as "Zend Core/2.0.1 PHP/5.2.1", so that could be added in the future, but at least the http-headers script will reveal the X-Powered-By header anyway. --- scripts/http-php-version.nse | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/http-php-version.nse b/scripts/http-php-version.nse index dcdddd857..f2764496e 100644 --- a/scripts/http-php-version.nse +++ b/scripts/http-php-version.nse @@ -105,7 +105,7 @@ action = function(host, port) end for name, value in pairs(response.header) do - if string.match(value, "^PHP") then + if string.match(value, "^PHP/") then header_name = name header_value = value break
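Review bot: the changed test `string.match(value, "^PHP/")` still runs against the value of every header in `response.header` and never looks at `name`, so excluding `Set-Cookie: PHPSESSID...` depends entirely on the trailing slash in the pattern. Consider also restricting the loop to the header names expected to carry the version string (the commit message names X-Powered-By), so an unrelated header whose value happens to begin with `PHP/` cannot be reported as the "Version from header". Because the pattern is anchored with `^`, a value such as "Zend Core/2.0.1 PHP/5.2.1" is skipped, as the commit message acknowledges. If that case is added later, the pattern needs a boundary before `PHP/` rather than simply dropping the anchor, or it will again match arbitrary substrings. A one-line comment above the `if` explaining why the slash is required would keep the PHPSESSID rationale next to the code instead of only in the commit log.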