|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: PHP XSS exploit in phpinfo()
From: Daniel Naber (daniel.naber
t-online.de)
Date: Wed Jun 04 2003 - 14:05:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tuesday 03 June 2003 15:30, silent needle wrote:
> A: BACKGROUND(from php.net)
> int phpinfo ( [int what])
> Outputs a large amount of information about the current state of PHP.
And because of that amount of information it's a security issue if
phpinfo() is publically available at all, not just because you can do XSS
with it. (Of course it should be fixed anyway.)
Regards
Daniel
--
http://www.danielnaber.de
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]