mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00

Force a match against "^PHP/" (i.e. now with a trailing forward slash) to prevent the "Version from header" from incorrectly matching against the Set-Cookie header with the value "PHPSESSID". This should match PHP/2.x onwards; I'm not sure about earlier versions of PHP as I can't find any references.

This will no longer match against the generic "X-Powered-By: PHP" (rare?), but that never gave us a version number anyway, so you could consider that a bug too.

We don't currently check for variations such as "Zend Core/2.0.1 PHP/5.2.1", so that could be added in the future, but at least the http-headers script will reveal the X-Powered-By header anyway.
robert
2011-01-30 11:15:48 +00:00
parent a139a26fd7
commit d50c58dcc1

@@ -105,7 +105,7 @@ action = function(host, port)
end
for name, value in pairs(response.header) do
if string.match(value, "^PHP") then
if string.match(value, "^PHP/") then
header_name = name
header_value = value
break
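Review bot: The test `string.match(value, "^PHP/")` is still applied to the value of every entry in `response.header`, so excluding Set-Cookie depends on the value prefix alone. Consider also checking `name` against the header expected to carry the version (X-Powered-By, per the commit message), so an unrelated header whose value happens to begin with "PHP/" cannot be picked up. Because `pairs` iterates in unspecified order and the loop breaks on the first hit, a name check would also make the selected header deterministic when more than one value matches. A one-line comment above the pattern stating that a bare "PHP" value and forms such as "Zend Core/2.0.1 PHP/5.2.1" are deliberately not matched would document the behaviour change described in the commit message.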