PHP XSS exploit in phpinfo()

PHP XSS exploit in phpinfo() by Silent Needle

A: BACKGROUND(from php.net)

int phpinfo ( [int what])

Outputs a large amount of information about the current state of PHP. This

includes information about PHP compilation options and extensions, the PHP

version, server information and environment (if compiled as a module), the

PHP environment, OS version information, paths, master and local values of

configuration options, HTTP headers, and the PHP License.

Because every system is setup differently, phpinfo() is commonly used to

check configuration settings and for available predefined variables on a

given system. Also, phpinfo() is a valuable debugging tool as it contains

all EGPCS (Environment, GET, POST, Cookie, Server) data.

The output may be customized by passing one or more of the following

constants bitwise values summed together in the optional what parameter.

One can also combine the respective constants or bitwise values together

with the or operator.

B: DESCRIPTION

The cross site scripting allow you to print a html or javascript or others

in the webpage

when it just open not write in the page.

C: EXPLOIT

If you found a page running phpinfo(); like this

http://[site]/info.php

you can make a xss by adding any variable and put a html or javascript

value for it like this

THE EXPLOIT URL:

http://[site]/info.php?variable=[SCRIPT]

and you can change [SCRIPT] with any html or javascript code

note:

you can steal cookies by this way only if it was in the same folder with

any prog using cookies.

D: GREETZ

To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN

AWAY :)

E:CONTACT

Silent Needle

[email protected]

F:OH LONG NIGHT

Bye