Re: PHP XSS exploit in phpinfo()

To: silent needle <silentneedle@xxxxxxxxxxx>
Subject: Re: PHP XSS exploit in phpinfo()
From: Daniel Naber <daniel.naber@xxxxxxxxxxx>
Date: Wed, 4 Jun 2003 21:05:15 +0200
Delivered-to: zerbey@localhost.horry.org
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
Delivery-date: Wed, 04 Jun 2003 23:03:41 +0100
Envelope-to: zerbey@wibble.co.uk
In-reply-to: <20030603133007.29207.qmail@www.securityfocus.com>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
References: <20030603133007.29207.qmail@www.securityfocus.com>
User-agent: KMail/1.5.9

On Tuesday 03 June 2003 15:30, silent needle wrote:

> A: BACKGROUND(from php.net)
> int phpinfo ( [int what])
> Outputs a large amount of information about the current state of PHP.

And because of that amount of information it's a security issue if 
phpinfo() is publically available at all, not just because you can do XSS 
with it. (Of course it should be fixed anyway.)

Regards
 Daniel

-- 
http://www.danielnaber.de

References:
- PHP XSS exploit in phpinfo()
  - From: silent needle

Prev by Date: Internet Explorer Object Type Property Overflow
Next by Date: possible remote buffer overflow in atftpd
Previous by thread: PHP XSS exploit in phpinfo()
Next by thread: man[v1.5l]: (catalog) format strings exploit / POC.
Index(es):
- Date
- Thread