Re: phpinfo() XSS Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: phpinfo() XSS Vulnerability
From: Salvatore Fresta aka Drosophila <drosophilaxxx@xxxxxxxxx>
Date: Mon, 8 Mar 2010 22:29:50 +0100
In-reply-to: <20100306110345.27912.qmail@xxxxxxxxxxxxxxxxx>

I tested it with php 5.1.6 and 5.2.6 and seems not work. The
request_uri's content is encoded before to be printed:

/phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010011010010111010001111001);%3C/sCrIpT%3E+

-- 
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351

References:
- phpinfo() XSS Vulnerability
  - From: info

Prev by Date: rPSA-2010-0013-1 gzip
Next by Date: [ MDVSA-2010:057 ] apache
Previous by thread: phpinfo() XSS Vulnerability
Next by thread: [XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux