Two PHP Reconnaissance Vectors.


I've talked about this on my blog last week, if you followed it. These two vectors can be used to trigger error messages or to obtain more intelligence about a server running PHP. They are not very well known, so I wanted to share them here.

The first one is due to how PHP and the programmer handle the server variables. Most of the time these variables are not sanitized, because we think they cannot be modified. That is a wrong assumption: a large part of $_SERVER is copied straight from the request (every HTTP_* entry such as HTTP_HOST, HTTP_USER_AGENT and HTTP_REFERER, plus REQUEST_URI, QUERY_STRING, PATH_INFO and PHP_SELF), so the client decides what they contain. I found that very many websites are vulnerable to these kinds of reconnaissance vectors, and so all variables inside the $_SERVER global need to be sanitized as well. A good rule of thumb is to treat everything as tainted, and you'll be on your way.

The second one is a very obscure one; I found that almost nobody knows or talks about it. This vector is triggered in the request URI by modifying the PHPSESSID. If the session ID is echoed back into a script, we can trigger an error. Ever seen an error message like "Cannot modify header information - headers already sent" or "A session had already been started"? That is what we are looking for, because it can give us plenty of information: with display_errors enabled, the "headers already sent" warning names the absolute path of the script and the line where output started, and older PHP versions also warn when the supplied session ID contains illegal characters.

Below are examples of what I mean; I hope they will be useful to protect yourself against it.
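The first vector, as an added example that is not part of the original post: the same fragment of a page rendered once with raw $_SERVER values and once with those values treated as tainted. The attacker request is constructed inline (assigned into $_SERVER) so the script runs from the CLI; the allowed-host list is an assumed deployment detail, and the function names are mine.

```php
<?php
// Added example, not code from the original post.
// Constructed attacker request: request-derived $_SERVER entries carrying markup.
// Run with:  php server_vars.php
$_SERVER['HTTP_HOST']       = 'victim.example<script>alert(1)</script>';
$_SERVER['PHP_SELF']        = '/index.php/"><img src=x onerror=alert(1)>';
$_SERVER['HTTP_USER_AGENT'] = "Mozilla/5.0 '\" <svg onload=alert(1)>";
$_SERVER['HTTP_REFERER']    = 'http://evil.example/?" onmouseover="alert(1)';

// Vulnerable: the common assumption that $_SERVER cannot be influenced by the client.
function render_unsafe(): string {
    $host  = $_SERVER['HTTP_HOST'];
    $self  = $_SERVER['PHP_SELF'];
    $agent = $_SERVER['HTTP_USER_AGENT'];
    return "<form action=\"$self\">...</form>\n"
         . "<a href=\"http://$host/\">$host</a>\n"
         . "<p>You are using $agent</p>\n";
}

// Hardened: every request-derived value is validated or HTML-encoded first.
const ALLOWED_HOSTS = ['www.example.com', 'example.com']; // assumed deployment hosts

function server_str(string $key): string {
    // A missing key becomes '' instead of a notice that may expose the script path.
    return (isset($_SERVER[$key]) && is_string($_SERVER[$key])) ? $_SERVER[$key] : '';
}

function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function canonical_host(): string {
    // Host is attacker-chosen and is used to build absolute URLs (reset links,
    // redirects), so allowlist it instead of merely escaping it.
    $host = strtolower(server_str('HTTP_HOST'));
    return in_array($host, ALLOWED_HOSTS, true) ? $host : ALLOWED_HOSTS[0];
}

function render_safe(): string {
    $host  = canonical_host();
    // SCRIPT_NAME does not carry PATH_INFO the way PHP_SELF does; still escape it.
    $self  = esc(server_str('SCRIPT_NAME'));
    $agent = esc(server_str('HTTP_USER_AGENT'));
    return "<form action=\"$self\">...</form>\n"
         . "<a href=\"http://$host/\">$host</a>\n"
         . "<p>You are using $agent</p>\n";
}

echo "--- unsafe ---\n", render_unsafe();
echo "--- safe ---\n", render_safe();
```

Running it prints the injected markup verbatim in the first block and encoded (or replaced by the canonical host) in the second. The point of the allowlist is that HTTP_HOST is not just an output-encoding problem: a page that builds links from it will happily send a visitor to whatever host the attacker put in the header.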

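The second vector, as an added example that is not part of the original post: a session bootstrap that ignores a PHPSESSID supplied in the request URI, refuses malformed IDs before PHP sees them, and keeps the resulting warnings out of the response. The probe request is constructed inline so the script runs from the CLI; the length bound in the regex is assumed from session.sid_length, and the function names are mine.

```php
<?php
// Added example, not code from the original post.
// Constructed probe: PHPSESSID placed in the URI with characters PHP rejects,
// and no valid session cookie.  Run with:  php session_boot.php
$_GET['PHPSESSID']    = "abc123'\"<>";
$_COOKIE['PHPSESSID'] = '';

// Characters PHP itself accepts in a session id: letters, digits, ',' and '-'.
// The 22..256 length bound is assumed from session.sid_length (PHP 7.1+).
function is_valid_session_id(string $id): bool {
    return (bool) preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id);
}

function secure_session_start(): string {
    // 1. Diagnostics go to the log, never to the client: no "headers already sent
    //    by (output started at /var/www/...)" or illegal-session-id warnings on screen.
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');

    // 2. Read the id from the cookie only; ?PHPSESSID=... in the URI is ignored.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // 3. Reject ids the server never issued (fixation); PHP >= 5.5.2.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.cookie_httponly', '1');

    // 4. Drop anything that is not a well-formed id before session_start() sees it.
    //    The session module reads the id from $_COOKIE, so unsetting it here
    //    makes PHP issue a fresh id instead of warning about an illegal one.
    $name   = session_name();
    $cookie = isset($_COOKIE[$name]) && is_string($_COOKIE[$name]) ? $_COOKIE[$name] : '';
    if ($cookie === '' || !is_valid_session_id($cookie)) {
        unset($_COOKIE[$name]);
    }

    // 5. Start before any byte of output so later header() calls cannot fail.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        if (!session_start()) {
            error_log('session_start() failed');
            return '';
        }
    }
    return session_id();
}

$id = secure_session_start();
// Only now is output safe, and the id shown is the one PHP issued, not $_GET's.
echo 'session id: ', htmlspecialchars($id, ENT_QUOTES, 'UTF-8'), "\n";
```

The two settings that defeat the URI probe are session.use_only_cookies and session.use_trans_sid; the regex check and display_errors=0 are there so that a malformed cookie value, which the same attacker can also send, does not produce the warning either. Set these in php.ini or the vhost rather than per script where you can, because a single script that emits output before calling session_start() is enough to bring the "headers already sent" message back.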

Trackback URL for this post:

http://www.secgeeks.com/trackback/845