|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-10-20 14:26 UTC] tony2001@php.net
[2006-10-28 01:00 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 04:01:28 2024 UTC |
Description: ------------ the php function setcookie (ext/standar/head.c) is vulnerable to XSS issue, when parameters passed to setcookie comes from $_REQUEST, an attacker can produce a crash in php, and execute html/javascript code in the context of the vulnerable site. The example provided produce a Warning in php, and in the content of the warning html code is interpreted by the browser. Reproduce code: --------------- <?php setcookie("\n<h1>XSS'ED!</h1>","bug in setcookie function"); ?> Expected result: ---------------- the warning message should be parsed to clean html code, like all warnings in php, for security reasons Actual result: -------------- crash with html code executed.