Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62200922541
HistoryMar 16, 2009 - 12:00 a.m.

phpinfo cross-site scripting vulnerability-vulnerability warning-the black bar safety net

2009-03-1600:00:00
佚名
www.myhack58.com
26
JSON

Vulnerability description: php is a widely used programming language, can be nested in the html with a to do web app development. phpinfo()is used to display the current php environment is a function of many site and program will phpinfo on your own site or on a program, but phpinfo in the presence of some security issues, leading to carefully constructed data can generate a cross site scripting vulnerability can be used to carry out the attack.

Vulnerability causes: the phpinfo page of the input parameters are detailed in the filter, but no output to the charset specified, and in some browsers such as IE7, you can let it automatically select the encoding or through an iframe page to it to specify the encoding, so that you can bypass the phpinfo of the filter and generates a cross-site scripting vulnerability.
Vulnerability sources: http://www.80sec.com/
Exploit: the use of the code is as follows:

<html>
<head>
<META HTTP-EQUIV=“CONTENT-TYPE” CONTENT=“text/html; charset=UTF-7”>
</head>
<body>
<iframe src=“http://www.80sec.com/phpinfo.php?+ ADw-SCRIPT+AD4-alert(document. domain);+ADw-/SCRIPT+AD4-=1”>

The above code in IE7+php 5.2.6 the test is successful. the phpinfo pagexsseven more than other pages even more dangerous, because if there is a phpinfo exists, a malicious attacker can use the phpinfo output bypass such as httponly, and some basic authentication.

Vulnerability impact: affect all versions of php and browser IE7
Bug fixes: recommended to temporarily remove the site of the phpinfo page to avoid being exploited.

JSON