Full Disclosure mailing list archives
Re: MOPB-08-2007 - dejavu of dejavu
From: Stefan Esser <sesser () hardened-php net>
Date: Sun, 04 Mar 2007 20:18:46 +0100
hello 3APA3A schrieb:
Hello mopb, phpinfo() crossite scripting http://www.php-security.org/MOPB/MOPB-08-2007.html was initially(?) reported in 2003 by Silent Needle http://securityvulns.com/docs4647.html
Well technically it is a different XSS vulnerability. The one by silent needle obviously affected string variable output. The XSS in MOPB affects only array variable output. Stefan Esser _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MOPB-08-2007 - dejavu of dejavu 3APA3A (Mar 04)
- Re: MOPB-08-2007 - dejavu of dejavu Stefan Esser (Mar 04)