Re: phpinfo() XSS Vulnerability

From: Salvatore Fresta aka Drosophila <drosophilaxxx@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: Re: phpinfo() XSS Vulnerability
Date:


I tested it with php 5.1.6 and 5.2.6 and seems not work. The
request_uri's content is encoded before to be printed:

/phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010011010010111010001111001);%3C/sCrIpT%3E+

-- 
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.