[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <436674B5.60802@hardened-php.net>
Date: Mon Oct 31 19:47:30 2005
From: sesser at hardened-php.net (Stefan Esser)
Subject: Re: Advisory 18/2005: PHP Cross Site Scripting
(XSS) Vulnerability in phpinfo()
Hello Matthew,
> http://cvs.php.net/diff.php/php-src/ext/standard/info.c?r1=1.252&r2=1.253&ty=u
>
> For the change marked "Input Validation Part 2". It uses ENT_QUOTES
> escaping as opposed to ENT_NOQUOTES escaping. The lack of escaping on
> quotes in entity attributes is the *EXACT* issue my bug report
> illustrates.
>
Unfortunately for you, the CVS commit you quote has nothing todo with
the XSS vulnerability in my advisory.
My advisory covers "Input Validation Part 1" which you can read here
http://viewcvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c.diff?r1=1.245.2.2&r2=1.245.2.3
I hope this is enough to convince you... (because your bug report has
nothing todo with arrays not beeing escaped at all)
Yours,
Stefan Esser
ps: And you do not need to convince me, that you should have credits for
that other bug. And it is a pity that it needed such a long time to fix
it. In the end it is just an XSS in a debugging feature and therefore it
was not taken so serious. You should be happy, that we have started to
even fix vulnerabilities in debugging tools.
--
--------------------------------------------------------------------------
Stefan Esser sesser@....net
Hardened-PHP Project http://www.hardened-php.net/
GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78
Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78
--------------------------------------------------------------------------
Powered by blists - more mailing lists