<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Full Disclosure: Re: MOPB-08-2007 - dejavu of dejavu

Re: MOPB-08-2007 - dejavu of dejavu

From: Stefan Esser <sesser_at_hardened-php.net>
Date: Sun, 04 Mar 2007 20:18:46 +0100

hello 3APA3A schrieb:
> Hello mopb,
>
> phpinfo() crossite scripting
>
> http://www.php-security.org/MOPB/MOPB-08-2007.html
>
> was initially(?) reported in 2003 by Silent Needle
>
> http://securityvulns.com/docs4647.html
>
Well technically it is a different XSS vulnerability. The one by silent
needle obviously affected string variable output.
The XSS in MOPB affects only array variable output.

Stefan Esser

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Mar 04 2007

This message: [ Message body ]
Next message: Sebastian Wolfgarten: "Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6"
Previous message: Valdis.Kletnieks_at_vt.edu: "Re: PostScript security research"
In reply to: 3APA3A: "MOPB-08-2007 - dejavu of dejavu"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]