20406 : PHP phpinfo() Function Stacked Array Assignment XSS
Printer | http://osvdb.org/20406 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

about 1 year ago

Percent Complete

90%

Disclosure

Oct 31, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
OSVDB: Web Related

Solution

Upgrade to version 4.4.1, 5.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group	PHP	5.0.0
		5.0.1
		5.0.2
		4.0.x
		4.1.x
		4.2.x
		4.4.0
		5.0.5
		4.3.x
		5.0.4
		5.0.3

References

Security Tracker: 1015130
ISS X-Force ID: 10355
Bugtraq ID: 15248
Secunia Advisory ID: 17371 17490 17510 17531 17557 17666 17757 18198 18669 21252 22691
CVE ID: 2005-3388 (see also: NVD)
Related OSVDB ID: 20407 20408
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213
http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
http://www.hardened-php.net/advisory_182005.77.html
http://www.ubuntu.com/usn/usn-232-1
Keyword: HPSBMA02159,SSRT061238
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0645.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0650.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0652.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0653.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0659.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0093.html
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
http://www.trustix.org/errata/2005/0062/
Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/release_4_4_1.php
RedHat RHSA: RHSA-2005:831 RHSA-2006:0549

Tools & Filters

Nikto	3411
Nessus	20111 20186 20187 20195 20206 20207 20445 20776

Manual Testing Notes

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

The PHP Group

PHP

References

Tools & Filters

Manual Testing Notes

Credit

Blogs

Comments