----- Original Message -----
From: "silent needle" <silentneedle@hotmail.com>
To: <bugtraq@securityfocus.com>
Sent: Tuesday, June 03, 2003 5:30 AM
Subject: PHP XSS exploit in phpinfo()

> PHP XSS exploit in phpinfo() by Silent Needle
>
> A: BACKGROUND (from php.net)
> int phpinfo ( [int what])
> Outputs a large amount of information about the current state of PHP. This
> includes information about PHP compilation options and extensions, the PHP
> version, server information and environment (if compiled as a module), the
> PHP environment, OS version information, paths, master and local values of
> configuration options, HTTP headers, and the PHP License.
>
> Because every system is set up differently, phpinfo() is commonly used to
> check configuration settings and for available predefined variables on a
> given system. Also, phpinfo() is a valuable debugging tool as it contains
> all EGPCS (Environment, GET, POST, Cookie, Server) data.
> The output may be customized by passing one or more of the following
> constants bitwise values summed together in the optional what parameter.
> One can also combine the respective constants or bitwise values together
> with the or operator.
>
> B: DESCRIPTION
> The cross site scripting allows you to print HTML or JavaScript or others
> in the webpage
> when it just open not write in the page.
>
> C: EXPLOIT
> If you found a page running phpinfo(); like this
> http://[site]/info.php
> you can make an XSS by adding any variable and putting an HTML or JavaScript
> value for it like this
> THE EXPLOIT URL:
> http://[site]/info.php?variable=[SCRIPT]
> and you can change [SCRIPT] with any HTML or JavaScript code
> note:
> you can steal cookies this way only if it was in the same folder with
> any prog using cookies.
>
> D: GREETZ
> To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN
> AWAY :)
>
> E: CONTACT
> Silent Needle
> silentneedle@hotmail.com
>
> F: OH LONG NIGHT
> Bye
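
For triage on the defending side, an added example that is not part of the original post: it scans web-server access-log lines for requests to a known phpinfo() page whose query parameters decode to markup characters, the pattern the advisory describes. The path set `PHPINFO_PATHS`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the operator lists the paths known to call phpinfo().
PHPINFO_PATHS = {"/info.php"}
# Characters that let a reflected value break out into markup.
MARKUP = re.compile(r"[<>\"']")
# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Jun/2003:05:31:02 +0000] "GET /info.php HTTP/1.0" 200 41210
198.51.100.9 - - [03/Jun/2003:05:33:40 +0000] "GET /info.php?variable=%3Cb%3Ehello%3C%2Fb%3E HTTP/1.0" 200 41302
203.0.113.4 - - [03/Jun/2003:05:35:11 +0000] "GET /shop/list.php?page=2 HTTP/1.0" 200 5120
203.0.113.4 - - [03/Jun/2003:05:36:00 +0000] "GET /info.php?debug=1 HTTP/1.0" 200 41230
"""


def suspicious_params(target):
    """Return names of query parameters that carry markup after URL-decoding."""
    parts = urlsplit(target)
    if parts.path not in PHPINFO_PATHS:
        return []
    # parse_qsl percent-decodes once, which is what the PHP page will see.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Names are checked as well as values, as a conservative choice.
    return [n for n, v in pairs if MARKUP.search(n) or MARKUP.search(v)]


def triage(log_text):
    """Return (client, request target, parameter names) for each flagged line."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        params = suspicious_params(target)
        if params:
            findings.append((client, target, params))
    return findings


if __name__ == "__main__":
    for client, target, params in triage(SAMPLE_LOG):
        print(f"{client} sent markup in {params} to {target}")
```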