[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030603133007.29207.qmail@www.securityfocus.com>
Date: 3 Jun 2003 13:30:07 -0000
From: silent needle <silentneedle@...mail.com>
To: bugtraq@...urityfocus.com
Subject: PHP XSS exploit in phpinfo()
PHP XSS exploit in phpinfo() by Silent Needle
A: BACKGROUND(from php.net)
int phpinfo ( [int what])
Outputs a large amount of information about the current state of PHP. This
includes information about PHP compilation options and extensions, the PHP
version, server information and environment (if compiled as a module), the
PHP environment, OS version information, paths, master and local values of
configuration options, HTTP headers, and the PHP License.
Because every system is setup differently, phpinfo() is commonly used to
check configuration settings and for available predefined variables on a
given system. Also, phpinfo() is a valuable debugging tool as it contains
all EGPCS (Environment, GET, POST, Cookie, Server) data.
The output may be customized by passing one or more of the following
constants bitwise values summed together in the optional what parameter.
One can also combine the respective constants or bitwise values together
with the or operator.
B: DESCRIPTION
The cross site scripting allow you to print a html or javascript or others
in the webpage
when it just open not write in the page.
C: EXPLOIT
If you found a page running phpinfo(); like this
http://[site]/info.php
you can make a xss by adding any variable and put a html or javascript
value for it like this
THE EXPLOIT URL:
http://[site]/info.php?variable=[SCRIPT]
and you can change [SCRIPT] with any html or javascript code
note:
you can steal cookies by this way only if it was in the same folder with
any prog using cookies.
D: GREETZ
To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN
AWAY :)
E:CONTACT
Silent Needle
silentneedle@...mail.com
F:OH LONG NIGHT
Bye
Powered by blists - more mailing lists