PHP phpinfo() Multiple Method User Supplied Array XSS
OSVDB ID: 32774Disclosure Date: Mar 3, 2007
Description:
PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not escape the content of user supplied arrays in GET, POST or COOKIE variables upon submission to phpinfo(). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Vulnerability Classification:
Remote/Network Access Required
Input Manipulation
Loss Of Integrity
Exploit Available
Products:
PHP PHP 4.4.3
PHP PHP 4.4.4
PHP PHP 4.4.5
PHP PHP 4.4.6
Solution:
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. PHP scripts calling phpinfo() should not be publicly accessible on production systems.
External References:
CVE ID: 2007-1287
National Vulnerability Database: CVE-2007-1287
Bugtraq ID: 22803
Generic Exploit URL: http://www.php-security.org/MOPB/code/MOPB-08-2007.phpt
Secunia Advisory ID: 24356
Vendor URL: http://www.php.net/
Other Advisory URL: http://www.php-security.org/MOPB/MOPB-08-2007.html
Credit:
Stefan Esser - Hardened-PHP Project
Labels: Vulnerability
<< Home