PHP PHPInfo Cross-Site Scripting Variant Vulnerability
BID:22803
Info
PHP PHPInfo Cross-Site Scripting Variant Vulnerability
| Bugtraq ID: | 22803 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2007 12:00AM |
| Updated: | May 04 2007 10:09PM |
| Credit: | Stefan Esser is credited with the discovery of this vulnerability. |
| Vulnerable: |
PHP PHP 4.4.6 PHP PHP 4.4.5 PHP PHP 4.4.4 PHP PHP 4.4.3 |
| Not Vulnerable: |
PHP PHP 4.4.7 |
Discussion
PHP PHPInfo Cross-Site Scripting Variant Vulnerability
PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This is a variant of the vulnerability described in BID 15428. This variant was reintroduced into PHP versions 4.4.3 through 4.4.6.
PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This is a variant of the vulnerability described in BID 15428. This variant was reintroduced into PHP versions 4.4.3 through 4.4.6.
Exploit / POC
PHP PHPInfo Cross-Site Scripting Variant Vulnerability
The following proof-of-concept URI is available:
http://www.example.com/phpinfo.php?a[]=[XSS]
The following proof-of-concept URI is available:
http://www.example.com/phpinfo.php?a[]=[XSS]
Solution / Fix
PHP PHPInfo Cross-Site Scripting Variant Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
PHP PHP 4.4.3
PHP PHP 4.4.4
PHP PHP 4.4.5
PHP PHP 4.4.6
Solution:
The vendor released an update to address this issue. Please see the references for more information.
PHP PHP 4.4.3
-
PHP php-4.4.7-Win32.zip
http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror -
PHP php-4.4.7.tar.bz2
http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror
PHP PHP 4.4.4
-
PHP php-4.4.7-Win32.zip
http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror -
PHP php-4.4.7.tar.bz2
http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror
PHP PHP 4.4.5
-
PHP php-4.4.7-Win32.zip
http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror -
PHP php-4.4.7.tar.bz2
http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror
PHP PHP 4.4.6
-
PHP php-4.4.7-Win32.zip
http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror -
PHP php-4.4.7.tar.bz2
http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror
References
PHP PHPInfo Cross-Site Scripting Variant Vulnerability
References:
References: