Vulnerability description: php is a widely used programming language, can be nested in the html with a to do web app development. phpinfo()is used to display the current php environment is a function of many site and program will phpinfo on your own site or on a program, but phpinfo in the presence of some security issues, leading to carefully constructed data can generate a cross site scripting vulnerability can be used to carry out the attack.
Vulnerability causes: the phpinfo page of the input parameters are detailed in the filter, but no output to the charset specified, and in some browsers such as IE7, you can let it automatically select the encoding or through an iframe page to it to specify the encoding, so that you can bypass the phpinfo of the filter and generates a cross-site scripting vulnerability. Vulnerability sources: http://www.80sec.com/ Exploit: the use of the code is as follows:
<html> <head> <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </head> <body> <iframe src="http://www.80sec.com/phpinfo.php?+ ADw-SCRIPT+AD4-alert(document. domain);+ADw-/SCRIPT+AD4-=1">
The above code in IE7+php 5.2.6 the test is successful. the phpinfo pagexsseven more than other pages even more dangerous, because if there is a phpinfo exists, a malicious attacker can use the phpinfo output bypass such as httponly, and some basic authentication.
Vulnerability impact: affect all versions of php and browser IE7 Bug fixes: recommended to temporarily remove the site of the phpinfo page to avoid being exploited.