PHP 4 PHPInfo Cross-Site Scripting Vulnerability

2002-10-12T00:00:00
ID EDB-ID:22725
Type exploitdb
Reporter Matthew Murphy
Modified 2002-10-12T00:00:00

Description

PHP 4 PHPInfo Cross-Site Scripting Vulnerability. CVE-2002-1954. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/7805/info

Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link. 

http://www.example.com/info.php?variable=[code]

where [code] equals hostile HTML or script code.