[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP 4 - 'PHPInfo()' Cross-Site Scripting

Author: Matthew Murphy
type: webapps
platform: php
port: 
date_added: 2002-10-12 
date_updated: 2017-10-12 
verified: 1 
codes: CVE-2002-1954;OSVDB-4619 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphp-4.2.3.tar.gz
source: https://www.securityfocus.com/bid/7805/info

Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link.

http://www.example.com/info.php?variable=[code]

where [code] equals hostile HTML or script code.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.