lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <436674B5.60802@hardened-php.net>
Date: Mon, 31 Oct 2005 20:47:01 +0100
From: Stefan Esser <sesser@...dened-php.net>
To: Matthew Murphy <mattmurphy@...rr.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Re: Advisory 18/2005: PHP Cross Site Scripting
	(XSS)	Vulnerability in phpinfo()


Hello Matthew,

> http://cvs.php.net/diff.php/php-src/ext/standard/info.c?r1=1.252&r2=1.253&ty=u
>
> For the change marked "Input Validation Part 2".  It uses ENT_QUOTES
> escaping as opposed to ENT_NOQUOTES escaping.  The lack of escaping on
> quotes in entity attributes is the *EXACT* issue my bug report
> illustrates.
>
Unfortunately for you, the CVS commit you quote has nothing todo with
the XSS vulnerability in my advisory.
My advisory covers "Input Validation Part 1" which you can read here

http://viewcvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c.diff?r1=1.245.2.2&r2=1.245.2.3

I hope this is enough to convince you... (because your bug report has
nothing todo with arrays not beeing escaped at all)

Yours,
Stefan Esser

ps: And you do not need to convince me, that you should have credits for
that other bug. And it is a pity that it needed such a long time to fix
it. In the end it is just an XSS in a debugging feature and therefore it
was not taken so serious. You should be happy, that we have started to
even fix vulnerabilities in debugging tools.

-- 
--------------------------------------------------------------------------
 Stefan Esser                                               sesser@....net
 Hardened-PHP Project                         http://www.hardened-php.net/

 GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78
 Key fingerprint       7806 58C8 CFA8 CE4A 1C2C  57DD 4AE1 795E 15AB DA78
--------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ