Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > crack analyzes > Content
Hot Articles
GE-Fanuc CIMPLICITY w32r
CA BrightStor ARCserve B
Apple iPhone Passcode Lo
Apple iPhone Passcode Lo
BitTorrent and uTorrent
FoosunCMS Sql Injection
KMail password encryptio
Rainbow awareness tool t
IE7 0Day crack analysis
Roams through three secu
Discuz! NT 2.5 pour into
Cracking the password pr
Ghost has the crack mirr
phpinfo cross station sc
Tomcat crack's analysis
Recommend Articles
Roams through three secu
FoosunCMS Sql Injection
In PHPCMS2.4 an interest
World browser local xss
Z-blog cross station scr
About XSS crack another
hzhost hypothesized main
php the escapeshellcmd m
Thunderclap ActiveX cont
360 security browser loc
The third party browser
The careful character re
Maxthon roams through br
Yahoo! Statistical funct
Using sohu website URL s
New Articles
The H?to half of all mal
Capital protects eyes cr
Agents of the secret net
fingerPIN launches multi
Tips to supply household
OCS Resolution Security
Spyware attacks tripled
Drink and drug driving c
Forgot your password?has
PKWARE PartnerLink membe
Masternaut provides live
Troj / Erazer-A Trojan i
Hacker of 21?Years old,
Free Firefox anti-phishi
Cyber-criminals are not
phpinfo cross station script crack
  Add date: 07/16/2008   Publishing date: 07/16/2008   Hits: 24
Crack explanation:

php is one section the programming language which widely uses, may with do by the nesting in html the web procedure development. phpinfo() is uses for to demonstrate that the current php environment a function, many stands and the procedure can place phpinfo in own stand or demonstrated in the procedure, but in phpinfo has some security problems, causes the careful structoral data to be possible to have a cross station script crack, may use for to carry on the attack.

Crack origin: the phpinfo page has made the detailed filtration to the input parameter, but has not carried on charset to the output assigning, but in some browsers like in IE7, you may let its automatic selection code or assigns the code through a iframe page to it, like this may forgive phpinfo the filtration to have a cross station script crack.

Crack origin: http://www.80sec.com/release/phpinfo-xss.txt

Crack use: Is as follows using the code:

<html>
<head>
<META HTTP-EQUIV= " CONTENT-TYPE " CONTENT= " text/html; charset=UTF-7 " >
</head>
<body>
<iframe src= " http://www.80sec.com/phpinfo.php?+ADw-SCRIPT+AD4-alert(document.domain);+ADw-/SCRIPT+AD4-=1 " >

The above code 5.2.6 tests successfully in IE7+php. phpinfo page's xss even compares other pages to be more dangerous, if because has the phpinfo existence, the malicious aggressor may use phpinfo output bypass like httponly and some foundation authentication.

Crack influence: Affects all editions php and browser IE7
Crack patching: The suggestion deletes the stand the phpinfo page to avoid temporarily by the person use.
Prev:Using sohu website URL skipping crack deceit mailbox password Next:Ghost has the crack mirror image to restore needs the careful trap

Comment:

Category: Home > crack analyzes
Home