LUMS — phpinfo.php (Critical Disclosure)
URL: https://lums.edu.pk/phpinfo.php — 96,738 bytes (complete PHP configuration dump)
Server Identity
Hostname: lumswebsite-websrv1
System: Linux lumswebsite-websrv1 5.4.17-2136.350.3.2.el8uek.x86_64 #3 SMP
Kernel: Oracle Unbreakable Enterprise Kernel (UEK)
OS: Red Hat Enterprise Linux 8.10 (Ootpa)
Arch: x86_64
Web Stack
| Component | Version |
|---|
| Apache | 2.4.66 (codeit) |
| OpenSSL | 3.5.4 |
| PHP | 8.1.34 |
| PHP SAPI | FPM/FastCGI |
| PHP Build Date | December 16, 2025 |
| Config Path | /etc/php.ini |
PHP Extensions (Security-Relevant)
| Extension | Risk | Notes |
|---|
| SSH2 | HIGH | SSH connection library — server-to-server pivoting potential |
| LDAP | HIGH | LDAP client — connects to directory services (Active Directory?) |
| MySQL (mysqlnd) | MEDIUM | Database connectivity |
| mcrypt | MEDIUM | Deprecated — may indicate legacy code with weak encryption |
| SOAP | MEDIUM | Web service client — may call internal APIs |
| cURL | MEDIUM | HTTP client — SSRF potential |
| GD | LOW | Image processing |
| Sodium | LOW | Modern cryptography |
Additional LUMS Disclosures
| File | Size | Content |
|---|
| /README.md | 3,205 bytes | Drupal README — CMS confirmed |
| /robots.txt | 2,027 bytes | Standard Drupal robots.txt |
Exploitation Potential
- SSH2 Extension: If PHP scripts can create SSH connections, this server can pivot to other LUMS infrastructure
- LDAP Extension: LUMS likely uses LDAP for authentication — LDAP injection attacks against web forms could enumerate the directory
- Kernel Version:
5.4.17-2136.350.3.2.el8uek.x86_64 — matchable against kernel CVE databases for local privilege escalation vectors
- RHEL 8.10: Specific OS version enables precise CVE matching
- mcrypt: Deprecated PHP extension may indicate legacy code with weak encryption
- Drupal CMS: Known attack surface (Drupalgeddon history)
Server Version Disclosures Across All Targets
| Target | Server | Version | Risk |
|---|
| qau.edu.pk | nginx | 1.14.1 | HIGH — 2018 release, many known CVEs |
| opendata.com.pk | nginx | 1.12.2 | HIGH — 2017 release, severely outdated |
| aiou.edu.pk | Apache | 2.4.41 (Ubuntu) | MEDIUM — 2019 release |
| lums.edu.pk | Apache | 2.4.66 (codeit) | LOW — relatively recent |
| ep.gov.pk | IIS | 10.0 | LOW — current Windows Server |
| uos.edu.pk | — | PHP/8.2.30 (header leak) | MEDIUM — PHP version in response header |
Technology Disclosures
| Target | Technology | Disclosed Via |
|---|
| uos.edu.pk | Laravel (PHP framework) | Blade-template 404 page |
| uos.edu.pk | PleskLin | Server header |
| ep.gov.pk / hec.gov.pk | ASP.NET | X-Powered-By header |
| balochistan.gov.pk / sit | WordPress + Elementor | Page content + API |
| qau.edu.pk | WordPress | API response |
| aiou.edu.pk | Drupal | /user/login page |
| lums.edu.pk | Drupal | README.md content |
Outdated Software Summary
| Software | Deployed | Current | Age |
|---|
| nginx (QAU) | 1.14.1 | 1.27.x | ~7 years old |
| nginx (opendata) | 1.12.2 | 1.27.x | ~8 years old |
| Apache (AIOU) | 2.4.41 | 2.4.62+ | ~6 years old |
| CKAN (opendata) | 2.8.3 | 2.11.x | ~5 years old |