Re: PHP XSS exploit in phpinfo()

From: Daniel Naber (daniel.naber_at_t-online.de)
Date: 06/04/03

    To: silent needle <silentneedle@hotmail.com>
    Date: Wed, 4 Jun 2003 21:05:15 +0200
    
    

    On Tuesday 03 June 2003 15:30, silent needle wrote:

    > A: BACKGROUND(from php.net)
    > int phpinfo ( [int what])
    > Outputs a large amount of information about the current state of PHP.

    And because of that amount of information it's a security issue if
    phpinfo() is publicly available at all, not just because you can do XSS
    with it. (Of course it should be fixed anyway.)

    Regards
     Daniel

    -- 
    http://www.danielnaber.de
    
