what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Hardened-PHP Project Security Advisory 2005-18.77

Hardened-PHP Project Security Advisory 2005-18.77
Posted Nov 1, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

A weakness in PHP's phpinfo() function allows for cross site scripting attacks. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.

tags | advisory, php, xss
SHA-256 | 36fa6835dbeb10584c5e0f7fa40b5dfc12ef31a054c790a4bd79c93d91e4cddb

Hardened-PHP Project Security Advisory 2005-18.77

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-


Advisory: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
Release Date: 2005/10/31
Last Modified: 2005/10/31
Author: Stefan Esser [sesser@hardened-php.net]

Application: PHP4 <= 4.4.0
PHP5 <= 5.0.5
Severity: A Cross Site Scripting (XSS) Vulnerability in phpinfo()
could f.e. lead to cookie data exposure if an info
script is left on a production server.
Risk: Low
Vendor Status: Vendor has released a bugfixed PHP 4 version
References: http://www.hardened-php.net/advisory_182005.77.html


Overview:

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

During the development of the Hardening-Patch which adds security
hardening features to the PHP codebase, several vulnerabilities
within PHP were discovered. This advisory describes one of these
flaws concerning a weakness in the phpinfo() function, which allows
Cross Site Scripting (XSS).


Details:

The phpinfo() function outputs a large amount of information about
the current state of PHP. This includes information about PHP
compilation options and extensions, the PHP version, server
information and environment (if compiled as a module), the PHP
environment, OS version information, paths, master and local
values of configuration options and request variables, HTTP
headers, and the PHP License.

Because phpinfo() leaks a lot of information to the viewer it is
not recommended to leave a script executing phpinfo() on a
production server. However in reality phpinfo() scripts are left
open on a lot of servers. While this is already bad enough, there
is also a problem when request variables of a certain form are
displayed. With a properly crafted URL, that contains a stacked
array assignment it is f.e. possible to inject HTML code into the
output of phpinfo(), which could result in the leakage of domain
cookies (f.e. session identifiers).


Proof of Concept:

The Hardened-PHP project is not going to release exploits for any
of these vulnerabilities to the public.


Recommendation:

It is strongly recommended to never leave phpinfo() scripts on
production servers, additionally it is recommended to upgrade to
the new PHP-Releases as soon as possible, because it also fixes
a few vulnerabilities, that are rated critical. Finally we always
recommend to run PHP with the Hardening-Patch applied.


GPG-Key:

http://www.hardened-php.net/hardened-php-signature-key.asc

pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1


Copyright 2005 Stefan Esser. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFDZhz7RDkUzAqGSqERAt9xAJ9n80d64fyNFyeWWwEVnsHfuyjE8wCeNgx3
OhyWy37m+0oH/xv6yIcNaCs=
=X39u
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close