Leyou - IT Security

… même sur w3.org.

En effet, le site officiel du WorldWide Web Consortium est vulnérable à cette faille :
http://www.php-security.org/MOPB/MOPB-08-2007.html

With PHP 4.4.3 a previously fixed bug that was disclosed at the end of October 2005 by the
Hardened-PHP Project was reintroduced. Again phpinfo() does not escape the content of user
supplied arrays in GET, POST or COOKIE variables when it displays them which leads to an
XSS vulnerability.

Par contre vu la taille du site, bonne chance pour trouver la localisation de la XSS

Trackback URI | Commentaires RSS