• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPsysInfo Multiple Input Validation Vulnerabilities


phpSysinfo is prone to multiple input-validation vulnerabilities:

- a local file-include issue
- an HTTP response-splitting vulnerability
- cross-site scripting attacks.

These issues are due to a lack of proper sanitization of user-supplied input.

An attacker may exploit these vulnerabilities to access files within the context of the webserver application, to poison web proxy server caches, and to execute arbitrary HTML and script code within the context of the victim's browser.

Other attacks are also possible.

Note that the cross-site scripting issues are not exploitable on Debian systems.