lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030603133007.29207.qmail@www.securityfocus.com>
Date: 3 Jun 2003 13:30:07 -0000
From: silent needle <silentneedle@...mail.com>
To: bugtraq@...urityfocus.com
Subject: PHP XSS exploit in phpinfo()




PHP XSS exploit in phpinfo() by Silent Needle

A: BACKGROUND(from php.net)
int phpinfo ( [int what])
Outputs a large amount of information about the current state of PHP. This 
includes information about PHP compilation options and extensions, the PHP 
version, server information and environment (if compiled as a module), the 
PHP environment, OS version information, paths, master and local values of 
configuration options, HTTP headers, and the PHP License. 

Because every system is setup differently, phpinfo() is commonly used to 
check configuration settings and for available predefined variables on a 
given system. Also, phpinfo() is a valuable debugging tool as it contains 
all EGPCS (Environment, GET, POST, Cookie, Server) data. 
The output may be customized by passing one or more of the following 
constants bitwise values summed together in the optional what parameter. 
One can also combine the respective constants or bitwise values together 
with the or operator.

B: DESCRIPTION
The cross site scripting allow you to print a html or javascript or others 
in the webpage
when it just open not write in the page.

C: EXPLOIT
If you found a page running phpinfo(); like this
http://[site]/info.php
you can make a xss by adding any variable and put a html or javascript 
value for it like this
THE EXPLOIT URL:
http://[site]/info.php?variable=[SCRIPT]
and you can change [SCRIPT] with any html or javascript code
note:
you can steal cookies by this way only if it was in the same folder with 
any prog using cookies.

D: GREETZ
To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN 
AWAY :)

E:CONTACT
Silent Needle
silentneedle@...mail.com

F:OH LONG NIGHT
Bye


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ