312-50V12 · Question #108
312-50V12 Question #108: Real Exam Question with Answer & Explanation
The correct answer is C: php.ini. Web server configuration files can be misconfigured to expose sensitive information such as verbose error messages, and php.ini is the primary PHP configuration file that controls error reporting and display settings.
Question
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
Options
- Ahttpd.conf
- Badministration.config
- Cphp.ini
- Didq.dll
Explanation
Web server configuration files can be misconfigured to expose sensitive information such as verbose error messages, and php.ini is the primary PHP configuration file that controls error reporting and display settings.
Common mistakes.
- A. httpd.conf is the Apache HTTP Server configuration file that controls server-level settings like directory permissions and modules, but it does not directly control application-level error message verbosity in the way php.ini does.
- B. administration.config is not a standard, commonly recognized web server configuration file and is not associated with a specific web technology's error reporting or verbose output settings.
- D. idq.dll is a Windows IIS component associated with the Index Server ISAPI extension and is known for a historical buffer overflow vulnerability (MS01-033), not for being a misconfigured file that produces verbose error messages.
Concept tested. Web server misconfiguration exposing verbose error information
Reference. https://www.php.net/manual/en/errorfunc.configuration.php
Topics
Community Discussion
No community discussion yet for this question.