| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48317b001003081329g217ba81dh2208a1b3e6218898@mail.gmail.com> Date: Mon, 8 Mar 2010 22:29:50 +0100 From: Salvatore Fresta aka Drosophila <drosophilaxxx@...il.com> To: bugtraq@...urityfocus.com Subject: Re: phpinfo() XSS Vulnerability I tested it with php 5.1.6 and 5.2.6 and seems not work. The request_uri's content is encoded before to be printed: /phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010011010010111010001111001);%3C/sCrIpT%3E+ -- Salvatore Fresta aka Drosophila http://www.salvatorefresta.net CWNP444351
Powered by blists - more mailing lists