[Full-disclosure] MOPB-08-2007 - dejavu of dejavu
Stefan Esser
sesser at hardened-php.net
Sun Mar 4 19:18:46 GMT 2007
hello 3APA3A schrieb:
> Hello mopb,
>
> phpinfo() crossite scripting
>
> http://www.php-security.org/MOPB/MOPB-08-2007.html
>
> was initially(?) reported in 2003 by Silent Needle
>
> http://securityvulns.com/docs4647.html
>
Well technically it is a different XSS vulnerability. The one by silent
needle obviously affected string variable output.
The XSS in MOPB affects only array variable output.
Stefan Esser
Full-Disclosure is hosted and sponsored by Secunia.