Bugtraq mailing list archives
Re: PHP XSS exploit in phpinfo()
From: Daniel Naber <daniel.naber () t-online de>
Date: Wed, 4 Jun 2003 21:05:15 +0200
On Tuesday 03 June 2003 15:30, silent needle wrote:
A: BACKGROUND(from php.net) int phpinfo ( [int what]) Outputs a large amount of information about the current state of PHP.
And because of that amount of information it's a security issue if phpinfo() is publically available at all, not just because you can do XSS with it. (Of course it should be fixed anyway.) Regards Daniel -- http://www.danielnaber.de
Current thread:
- PHP XSS exploit in phpinfo() silent needle (Jun 04)
- Re: PHP XSS exploit in phpinfo() Daniel Naber (Jun 04)