Bugtraq mailing list archives

Re: phpinfo() XSS Vulnerability

From: Salvatore Fresta aka Drosophila <drosophilaxxx () gmail com>
Date: Mon, 8 Mar 2010 22:29:50 +0100

I tested it with php 5.1.6 and 5.2.6 and seems not work. The
request_uri's content is encoded before to be printed:

/phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010011010010111010001111001);%3C/sCrIpT%3E+

-- 
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351

Current thread:

phpinfo() XSS Vulnerability info (Mar 08)
- Re: phpinfo() XSS Vulnerability Salvatore Fresta aka Drosophila (Mar 08)