|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #18553 phpinfo() allows cross-site scripting
Submitted: 2002-07-24 20:52 UTC Modified: 2002-07-25 04:32 UTC
From: olegpro at operamail dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.2.2 OS: Win'2k
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
31 - 19 = ?
Subscribe to this entry?

 [2002-07-24 20:52 UTC] olegpro at operamail dot com

phpinfo() is vulnerable to cross-site scripting.
printing of _SERVER["argv"] of is vulnerable.

// phpinfo.php

http://localhost/phpinfo.php?z=<SCRIPT>alert('Hello world!');</SCRIPT>


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-25 04:32 UTC]
Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit

Thank you for your interest in PHP.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Jul 03 18:03:33 2022 UTC