Tuesday, 29 January 2013

XSS Vulnerability in phpinfo()

Hi everyone,

I just found a very good post that discloses xss vulnerability in phpinfo. So the first one, is through the User Agent. In PHPINFO, it displays a bunch of information, and YOUR User Agent is included. So we need Tamper Data, for this. Open tamper data, and refresh the page. Once you’ve done that, change your User Agent to your XSS query. Then press okay, and the site will reload and execute your query.

          I guess that one isn’t very good for actually Seing people. So I also have a GET based XSS exploit in PHPINFO. It’s quite interesting. It is located in the PHP variables area. In a part of that section, it will show your GET request. But there’s a little catch. You must add a “[]” at the end of your GET variable, because once we do that, the PHPINFO thinks we’re using an Array. And that’s where our XSS is located. So for example:


Keep in mind it blocks “alert”.
That’s pretty much it, hope you guys find good use of it!

No comments:

Post a Comment

Note: only a member of this blog may post a comment.