Exam 312-50v12 topic 1 question 6 discussion

C:php.ini CEH Book v12 Module 13 Page 1163 "As shown in the below figure, the configuration may give verbose error messages. " "Figure 13.12: Screenshot displaying the php.ini file"

httpd.conf is also a possible answer but php.ini is correct bcoz it stores error messages also

display_errors = on The display_errors directive must be set to “on” in the PHP ini file. This will display all the errors including syntax or parse errors that cannot be displayed by just calling the ini_set function in the PHP code.

php.ini page 1791, 312-50 Certified Ethical Hacker

So, while httpd.conf and php.ini are valid answers, in the context of verbose error messages, php.ini would be a more direct source of such information because it controls the output of errors in PHP, which is a common language for web applications. Verbose error messages can reveal paths, database details, and other sensitive information that can be exploited by a hacker.

both are correct

Correct Answer is C httpd.conf refers to the configuration may allow anyone to view the server status page, which contains detailed information about the current use of the web server, including information about the current hosts and requests being processed. php.ini refers to the configuration may give verbose error messaget

php.ini misconfiguration may give verbose error messages. see pages 1792, Exam 312-50 Certified Ethical Hacker

httpd.conf

C:php.ini is the correct one

C: php.ini Although I think httpd.conf is also a possible answer, I would say php.ini which can disclose more error messages (database etc..)

A. httpd.conf While files such as php.ini (which can also contain sensitive configuration information for PHP-based web applications) can also be misconfigured and provide useful information to attackers, httpd.conf is generally considered to be the most commonly targeted file for this purpose, due to the widespread use of the Apache web server.