PHP PHPInfo phpinfo (info.c) 跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110002 漏洞类型 跨站脚本
发布时间 2006-04-03 更新时间 2007-01-25
CVE编号 CVE-2006-0996 CNNVD-ID CNNVD-200604-117
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/27564
https://www.securityfocus.com/bid/17362
https://cxsecurity.com/issue/WLB-2006040011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-117
|漏洞详情
PHP5.1.2和4.4.2中的phpinfo(info.c)存在跨站脚本攻击(XSS)漏洞。这使得远程攻击者可以借助于长的数组变量注入任意Web脚本或HTML。所述长整型数组变量包括(1)大量的数值或(2)长整型值。该漏洞阻止删除HTML标记。
|漏洞EXP
source: http://www.securityfocus.com/bid/17362/info

PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/phpinfo.php?cx[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]=[XSS]
http://www.example.com/phpinfo.php?cx[]=ccccc..~4096chars...ccc[XSS]
|受影响的产品
Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu
|参考资料

来源:MLIST
名称:[php-cvs]20060330cvs:php-src/ext/standardinfo.c
链接:http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
来源:cvs.php.net
链接:http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
来源:XF
名称:php-phpinfo-long-array-xss(25702)
链接:http://xforce.iss.net/xforce/xfdb/25702
来源:UBUNTU
名称:USN-320-1
链接:http://www.ubuntu.com/usn/usn-320-1
来源:BID
名称:17362
链接:http://www.securityfocus.com/bid/17362
来源:REDHAT
名称:RHSA-2006:0501
链接:http://www.redhat.com/support/errata/RHSA-2006-0501.html
来源:www.php.net
链接:http://www.php.net/ChangeLog-4.php#4.4.3
来源:OSVDB
名称:24484
链接:http://www.osvdb.org/24484
来源:SUSE
名称:SUSE-SA:2006:024
链接:http://www.novell.com/linux/security/advisories/05-05-2006.html
来源:MANDRIVA
名称:MDKSA-2006:074
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
来源:VUPEN
名称:ADV-2006-2685
链接:http://www.frsirt.com/english/advisories/2006/2685
来源:VUPEN
名称:ADV-2006-1290
链接:http://www.frsirt.com/english/advisories/2006/1290
来源:support.avaya.com
链接:ht