发布时间 :2002-12-31 00:00:00
修订时间 :2008-09-05 16:31:56

[原文]Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.


        PHP 4.2.3版本的phpinfo函数存在跨站脚本(XSS)漏洞。远程攻击者可以借助query字符串参数注入任意web脚本或HTML,正如使用soinfo.php。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  XF  php-phpinfo-xss(10355)
(UNKNOWN)  VULNWATCH  20021013 PHP Information Functions May Allow Cross-Site Scripting
(UNKNOWN)  BUGTRAQ  20030603 PHP XSS exploit in phpinfo()

- 漏洞信息

中危 跨站脚本
2002-12-31 00:00:00 2005-10-20 00:00:00
        PHP 4.2.3版本的phpinfo函数存在跨站脚本(XSS)漏洞。远程攻击者可以借助query字符串参数注入任意web脚本或HTML,正如使用soinfo.php。

- 公告与补丁


- 漏洞信息 (22725)

PHP 4 PHPInfo Cross-Site Scripting Vulnerability (EDBID:22725)
php webapps
2002-10-12 Verified
0 Matthew Murphy
N/A [点击下载]

Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link.[code]

where [code] equals hostile HTML or script code. 		

- 漏洞信息

PHP phpinfo() Function Query String XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "phpinfo()" variable upon submission to the "soinfo.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2002-10-12 Unknow
2002-10-12 Unknow

- 解决方案

Upgrade to version 4.3.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: set expose_php = Off in php.ini

- 相关参考

- 漏洞作者

Unknown or Incomplete