🔒 Server Security Audit

PHP Security Configuration & Vulnerability Assessment

PHP Version Information

PHP Version: 8.4.13

OK: PHP version is current

Open Base Dir Protection

PROTECTED: open_basedir is configured

/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder

PHP file access is restricted to the directories listed above.

Dangerous Functions Analysis

High Risk

Function        Status
exec()          DISABLED
shell_exec()    DISABLED
system()        DISABLED
passthru()      DISABLED
popen()         DISABLED
proc_open()     DISABLED
pcntl_exec()    DISABLED

Medium Risk

Function             Status
eval()               DISABLED
assert()             ENABLED
create_function()    DISABLED
include()            DISABLED
require()            DISABLED

File Operations

Function                Status
file_get_contents()     ENABLED
file_put_contents()     ENABLED
fopen()                 ENABLED
readfile()              ENABLED
unlink()                ENABLED

Information Disclosure

Function               Status
phpinfo()              ENABLED
posix_getpwuid()       DISABLED
getenv()               ENABLED
get_current_user()     ENABLED

Disabled Functions List

exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname

PHP Security Settings

Setting                    Current Value    Recommended    Status
display_errors             Empty            0              INSECURE
expose_php                 Empty            Off            INSECURE
allow_url_fopen            1                Off            INSECURE
allow_url_include          Empty            Off            INSECURE
register_globals           Not Set          Off            INSECURE
magic_quotes_gpc           Not Set          Off            INSECURE
session.cookie_httponly    Empty            1              INSECURE
session.cookie_secure      0                1              INSECURE
session.use_strict_mode    0                1              INSECURE

File System Access Tests

Common System File Access Tests

Testing if PHP can read sensitive system files outside the user directory:

✗ /etc/passwd - File does not exist or access denied
✗ /etc/shadow - File does not exist or access denied
✗ /etc/hosts - File does not exist or access denied
✗ /etc/apache2/apache2.conf - File does not exist or access denied
✗ /etc/nginx/nginx.conf - File does not exist or access denied
✗ /etc/my.cnf - File does not exist or access denied
✗ /etc/mysql/my.cnf - File does not exist or access denied
✗ /var/log/apache2/error.log - File does not exist or access denied
✗ /var/log/nginx/error.log - File does not exist or access denied
✗ /proc/version - File does not exist or access denied
✗ /root/.bash_history - File does not exist or access denied
✗ /home - File does not exist or access denied

Write Access Tests

Testing if PHP can write to directories outside the user directory:

✓ /tmp - Directory is writable
✓ /var/tmp - Directory is writable
✗ /var/www - Directory is not writable
✗ /etc - Directory is not writable
✗ /root - Directory is not writable

Directory Listing Tests - /tmp and /var/tmp

Attempting to list files in temporary directories:

/tmp

✓ Directory is accessible and readable

Files found: 1302
Attempting to Read Files in /tmp

✗ Cannot read: adminer.invalid (Permission denied)
✗ Cannot read: adminer.invalid-19201cb55d6e6bcebd567101d62c6a6a (Permission denied)
✗ Cannot read: adminer.invalid-1d5f62b5a17eb17dc7036961dcaa785c (Permission denied)
✗ Cannot read: adminer.invalid-5693fa8c426725724dce28ccd5c8d82c (Permission denied)
✗ Cannot read: adminer.invalid-e9ccd583c33e98d7536671130481e13b (Permission denied)
✓ Successfully read: bot_debug.log (21 bytes read)
Preview: INPUT: {"test":true}
✓ Successfully read: cg_7f10e03a80197c8ccfda197fb93a48d6.json (200 bytes read)
Preview: {"binancecoin":{"usd":619.12,"usd_24h_change":0.5212377899821455,"ngn":851899,"ngn_24h_change":0.521...
✓ Successfully read: cg_a04ca4198fc8f0c6c83efbcf414d6f36.json (200 bytes read)
Preview: [{"id":"bitcoin","symbol":"btc","name":"Bitcoin","image":"https://coin-images.coingecko.com/coins/im...
✓ Successfully read: cg_d95c10b879361383d182ecdc15e07841.json (200 bytes read)
Preview: [{"id":"bitcoin","symbol":"btc","name":"Bitcoin","image":"https://coin-images.coingecko.com/coins/im...
✗ Cannot read: phpm4cbbk9q2giddTQ5Lxd (Permission denied)

Summary: Successfully read 4 out of 10 tested files


/var/tmp

✓ Directory is accessible and readable

Files found: 2
Attempting to Read Files in /var/tmp

Current Directory Information

Current Working Directory: /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html
Document Root: /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html
Script Filename: /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php
Current User: t91
User ID: 1019
Group ID: 1020

Server Information

Parameter           Value
Server Software     Apache/2
Server Name         surround-flash-9d7a403c-91.app.omni-coder.com
Server Protocol     HTTP/1.0
PHP SAPI            fpm-fcgi
Operating System    Linux
Server Admin        webmaster@surround-flash-9d7a403c-91.app.omni-coder.com
Document Root       /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html

Loaded PHP Extensions

• Core
• FFI
• PDO
• Phar
• Reflection
• SPL
• SimpleXML
• bcmath
• calendar
• cgi-fcgi
• ctype
• curl
• date
• dom
• exif
• fileinfo
• filter
• ftp
• gd
• gettext
• hash
• iconv
• intl
• json
• libxml
• mbstring
• mysqli
• mysqlnd
• openssl
• pcre
• pdo_mysql
• pdo_sqlite
• posix
• random
• session
• shmop
• soap
• sockets
• sodium
• sqlite3
• standard
• sysvmsg
• sysvsem
• sysvshm
• tokenizer
• xml
• xmlreader
• xmlwriter
• xsl
• zip
• zlib

Security Summary

No major vulnerabilities detected

The server appears to have reasonable security configurations in place.