Chapter 9. Making an Extension

We have used quite a few pre-built Yii 2 extensions, shipped as Composer-installable libraries separate from the main framework. In this chapter, we'll learn to make our own extension that installs in the same simple way.

There is a process to follow, and some preparation will be needed to wire up your classes to the Yii application. The whole chapter is devoted to this process.

Extension idea

So, how are we going to extend the Yii 2 framework as an example for this chapter? Let's become vile this time and make a malicious extension, which will provide a sort of phishing backdoor for us.

Note

Never do exactly the thing we'll describe in this chapter! It'll not give you instant access to the attacked website anyway, but a skilled black hat hacker can easily get enough information to achieve total control over your application.

The idea is this: our extension will provide a special route (a controller with a single action inside), which will dump the complete application configuration to the web page. Let's say it'll be reachable from the route /app-info/configuration.

We cannot, however, simply read the contents of the configuration file itself, at least not reliably. At the point where we can attach ourselves to the application instance, the original configuration array is no longer accessible, and even if it were, we couldn't be sure where it came from. So we'll inspect the runtime state of the application instead and return the most important pieces of information available at the stage of controller action resolution. That's the exact payload we want to introduce.

    // Action behind the /app-info/configuration route: it dumps the
    // application's runtime state as JSON.
    public function actionConfiguration()
    {
        $app = Yii::$app;
        $config = [
            'components' => $app->components, // component definitions, DB credentials included
            'basePath'   => $app->basePath,
            'params'     => $app->params,
            'aliases'    => Yii::$aliases,
        ];
        return \yii\helpers\Json::encode($config);
    }

The preceding code is the core of the extension and is assumed in the following sections.

In fact, if you know the application's basePath, the list of its aliases, the settings of its components (among which the DB connection may reside), and all the custom parameters the developers set by hand, you can map the target application quite reliably. Since the credentials come along with this, you now hold an enormous amount of highly valuable information about the application. All that remains is to make the user install this extension.
