From:             ripe at 7a69ezine dot org
Operating system: Gentoo Linux
PHP version:      4.3.6
PHP Bug Type:     Apache2 related
Bug description:  Cross-Site scripting on mod_php error's page

Description:
------------
There is a cross-site scripting on mod_php error's page that allows executing javascript stuff. You can reproduce the error following this step-by-step:

1/ Create a page with this content.

<? include($_GET['inc']); ?>

2/ Try http://host/file.php?inc=<script>alert()</script>

3/ An alert() popup is opened.

It can allow, on not-well-coded websites, to change an inoffensive error (yes, I know that an include is not inoffensive but it's only the example) into a potential XSS error that can allow a malicious user, using a little social engineering, to seize a cookie session or other data.

Expected result:
----------------

--
Edit bug report at http://bugs.php.net/?id=28946&edit=1
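
The reproduction in this report depends on the request parameter reaching both the include path and the error text sent to the browser. As an added example (not part of the original report and not the PHP project's fix), here is a hardened form of that page; the page names and the `pages/` directory are hypothetical.

```php
<?php
// Added example: hardened form of the reproduction page.
// The allowlist entries and the pages/ directory are hypothetical.

// Keep PHP's own error text out of the HTTP response; log it instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Resolve the request parameter through a fixed allowlist, so user input
// never becomes part of the include path or of any warning about it.
function resolve_page($requested, array $allowed)
{
    return isset($allowed[$requested]) ? $allowed[$requested] : null;
}

// Escape anything derived from the request before echoing it into HTML.
function render_not_found($requested)
{
    $safe = htmlspecialchars($requested, ENT_QUOTES, 'UTF-8');
    return '<p>Unknown page: ' . $safe . '</p>';
}

$allowed = array(
    'home'  => __DIR__ . '/pages/home.php',
    'about' => __DIR__ . '/pages/about.php',
);

// Accept only a scalar string; fall back to the default page otherwise.
$requested = (isset($_GET['inc']) && is_string($_GET['inc']))
    ? $_GET['inc']
    : 'home';

$path = resolve_page($requested, $allowed);

if ($path === null || !is_file($path)) {
    header('HTTP/1.1 404 Not Found');
    echo render_not_found($requested);
} else {
    include $path;
}
```

With the request from step 2, this page answers 404 and the `<script>` text is rendered as escaped characters instead of markup.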