PHP XSS exploit in phpinfo()

From: silent needle (silentneedleat_private)
Date: Tue Jun 03 2003 - 06:30:07 PDT


    
    PHP XSS exploit in phpinfo() by Silent Needle
    
    A: BACKGROUND (from php.net)
    int phpinfo ( [int what])
    Outputs a large amount of information about the current state of PHP. This 
    includes information about PHP compilation options and extensions, the PHP 
    version, server information and environment (if compiled as a module), the 
    PHP environment, OS version information, paths, master and local values of 
    configuration options, HTTP headers, and the PHP License. 
    
    Because every system is setup differently, phpinfo() is commonly used to 
    check configuration settings and for available predefined variables on a 
    given system. Also, phpinfo() is a valuable debugging tool as it contains 
    all EGPCS (Environment, GET, POST, Cookie, Server) data. 
    The output may be customized by passing one or more of the following 
    constants bitwise values summed together in the optional what parameter. 
    One can also combine the respective constants or bitwise values together 
    with the or operator.
    
    B: DESCRIPTION
    Cross site scripting allows you to print HTML, JavaScript or other content 
    in the web page when it is just opened, without it being written in the 
    page.
    
    C: EXPLOIT
    If you find a page running phpinfo(); like this
    http://[site]/info.php
    you can make an XSS by adding any variable and putting an HTML or JavaScript 
    value for it, like this
    THE EXPLOIT URL:
    http://[site]/info.php?variable=[SCRIPT]
    and you can replace [SCRIPT] with any HTML or JavaScript code.
    Note:
    you can steal cookies this way only if it is in the same folder as any 
    program using cookies.
    
    D: GREETZ
    To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN 
    AWAY :)
    
    E: CONTACT
    Silent Needle
    silentneedleat_private
    
    F: OH LONG NIGHT
    Bye
    
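The reflection the post describes, as an added example that is not part of the original message or of PHP itself: the script emulates the `_GET` table an info page renders (raw copy of each request variable, as the post relies on, next to the escaped form), turns the exploit URL into a probe carrying a harmless canary instead of `[SCRIPT]`, and reports whether the canary comes back with its `<`, `>`, `"` and `'` intact. The host `site.example`, the `fetch` callable and the `fake_server` stand-in are assumptions made so the check runs offline; against a live `info.php` you would pass a real HTTP fetcher instead.

```python
# Added example, not code from the original post: emulates the phpinfo() _GET
# table and checks reflection with a canary rather than a live alert() payload.
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed canary: an unlikely string carrying every character that HTML
# escaping must neutralise. If it comes back verbatim, markup is reflected raw.
CANARY = 'zq7<"\'>zq7'


def render_get_table(query: str, escape: bool) -> str:
    """Emulate the '_GET' section of an info page: one table row per variable.

    escape=False reproduces the behaviour the post relies on (values copied raw
    into the HTML); escape=True is the hardened form, which escapes name and value.
    """
    rows = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            n = html.escape(name, quote=True) if escape else name
            v = html.escape(value, quote=True) if escape else value
            rows.append(f'<tr><td>_GET["{n}"]</td><td>{v}</td></tr>')
    return "<html><body><table>" + "".join(rows) + "</table></body></html>"


def probe_url(base_url: str, param: str = "variable") -> str:
    """Build the probe URL: the post's exploit URL with the canary in place of [SCRIPT]."""
    sep = "&" if urlsplit(base_url).query else "?"
    return base_url + sep + urlencode({param: CANARY})


def reflected_unescaped(body: str) -> bool:
    """True if the canary appears verbatim, i.e. the page did not encode < > \" '."""
    return CANARY in body


def check(base_url: str, fetch) -> bool:
    """Fetch the probe URL via the hypothetical fetch(url) -> body and report reflection.

    fetch is injected so this runs offline; for a live target you could pass
    lambda u: urllib.request.urlopen(u).read().decode().
    """
    return reflected_unescaped(fetch(probe_url(base_url)))


def fake_server(escape: bool):
    """Offline stand-in for info.php: parse the query string and render the _GET table."""
    def fetch(url: str) -> str:
        return render_get_table(urlsplit(url).query, escape)
    return fetch


if __name__ == "__main__":
    target = "http://site.example/info.php"   # placeholder host, not a real target
    print("probe:", probe_url(target))
    print("vulnerable page reflects unescaped:", check(target, fake_server(escape=False)))
    print("hardened page reflects unescaped:  ", check(target, fake_server(escape=True)))
    # The post's kind of payload survives intact only in the unescaped rendering.
    q = urlencode({"variable": "<script>alert(1)</script>"})
    print("payload intact (raw):    ", "<script>alert(1)</script>" in render_get_table(q, escape=False))
    print("payload intact (escaped):", "<script>alert(1)</script>" in render_get_table(q, escape=True))
```

The canary, not an `alert()`, is what tells you whether the page is exploitable: a page that HTML-encodes the four special characters (as `html.escape` does here, and `htmlspecialchars()` with `ENT_QUOTES` does in PHP) shows the probe text but cannot execute it, while a verbatim echo means any script in `[SCRIPT]` will run in the origin of `info.php`.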



    This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 10:13:13 PDT