Bugtraq mailing list archives
Re: phpinfo() XSS Vulnerability
From: Salvatore Fresta aka Drosophila <drosophilaxxx () gmail com>
Date: Mon, 8 Mar 2010 22:29:50 +0100
I tested it with php 5.1.6 and 5.2.6 and seems not work. The request_uri's content is encoded before to be printed: /phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010011010010111010001111001);%3C/sCrIpT%3E+ -- Salvatore Fresta aka Drosophila http://www.salvatorefresta.net CWNP444351
Current thread:
- phpinfo() XSS Vulnerability info (Mar 08)
- Re: phpinfo() XSS Vulnerability Salvatore Fresta aka Drosophila (Mar 08)