Date: 3 Jun 2003 13:30:07 -0000
From: silent needle <silentneedle@...mail.com>
To: bugtraq@...urityfocus.com
Subject: PHP XSS exploit in phpinfo()




PHP XSS exploit in phpinfo() by Silent Needle

A: BACKGROUND (from php.net)
int phpinfo ( [int what])
Outputs a large amount of information about the current state of PHP. This 
includes information about PHP compilation options and extensions, the PHP 
version, server information and environment (if compiled as a module), the 
PHP environment, OS version information, paths, master and local values of 
configuration options, HTTP headers, and the PHP License. 

Because every system is set up differently, phpinfo() is commonly used to 
check configuration settings and for available predefined variables on a 
given system. Also, phpinfo() is a valuable debugging tool as it contains 
all EGPCS (Environment, GET, POST, Cookie, Server) data. 
The output may be customized by passing one or more of the following 
constants bitwise values summed together in the optional what parameter. 
One can also combine the respective constants or bitwise values together 
with the or operator.

B: DESCRIPTION
The cross-site scripting allows you to print HTML, JavaScript or other 
content in the web page
when it is just opened, not written in the page.

C: EXPLOIT
If you find a page running phpinfo(); like this
http://[site]/info.php
you can make an XSS by adding any variable and putting an HTML or JavaScript 
value in it, like this
THE EXPLOIT URL:
http://[site]/info.php?variable=[SCRIPT]
and you can replace [SCRIPT] with any HTML or JavaScript code
Note:
you can steal cookies this way only if it is in the same folder as 
any program using cookies.

D: GREETZ
To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN 
AWAY :)

E: CONTACT
Silent Needle
silentneedle@...mail.com

F: OH LONG NIGHT
Bye
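
A hardened replacement for the bare info.php described in this post, added here as an example and not part of the original message or of PHP itself. It restricts who can load the page, uses the `what` parameter to leave out the EGPCS variable listing, and HTML-encodes any request data it does print; the `ADMIN_ADDRS` allowlist and the `render_vars()` helper are hypothetical names.

```php
<?php
// Added example: a diagnostic page that does not echo request data unescaped.
// ADMIN_ADDRS and render_vars() are hypothetical names chosen for illustration.
declare(strict_types=1);

const ADMIN_ADDRS = ['127.0.0.1', '::1'];   // constructed allowlist, adjust locally

// 1. Refuse any client that is not on the allowlist.
$remote = $_SERVER['REMOTE_ADDR'] ?? '';
if (!in_array($remote, ADMIN_ADDRS, true)) {
    http_response_code(403);
    exit;
}

header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');

// 2. Print build and configuration details only. INFO_VARIABLES, the section
//    that lists EGPCS data, is deliberately not included in the mask.
phpinfo(INFO_GENERAL | INFO_CONFIGURATION);

// 3. If request data is needed for debugging, print it through an encoder so
//    that markup in a parameter name or value is shown as text, not rendered.
function render_vars(string $label, array $vars): string
{
    $enc = static fn (string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $rows = '';
    foreach ($vars as $name => $value) {
        // Nested arrays (e.g. ?a[]=1) are flattened to JSON before encoding.
        $text = is_array($value) ? (string) json_encode($value) : (string) $value;
        $rows .= sprintf(
            "<tr><td>%s</td><td>%s</td></tr>\n",
            $enc((string) $name),
            $enc($text)
        );
    }
    return sprintf("<h2>%s</h2>\n<table>\n%s</table>\n", $enc($label), $rows);
}

echo render_vars('GET', $_GET);
echo render_vars('COOKIE', $_COOKIE);
```

On production hosts the simpler control is to remove such pages entirely, or to list `phpinfo` under `disable_functions` in php.ini.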

