 ID:               39211
 Updated by:       [EMAIL PROTECTED]
 Reported By:      josecarlos dot norte at gmail dot com
-Status:           Open
+Status:           Feedback
-Bug Type:         Reproducible crash
+Bug Type:         Unknown/Other Function
 Operating System: all
 PHP Version:      4.4.4
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Can't reproduce.


Previous Comments:
------------------------------------------------------------------------

[2006-10-20 13:59:23] josecarlos dot norte at gmail dot com

Description:
------------
The PHP function setcookie (ext/standard/head.c) is vulnerable to an XSS
issue. When parameters passed to setcookie come from $_REQUEST, an
attacker can produce a crash in PHP and execute HTML/JavaScript code in
the context of the vulnerable site.

The example provided produces a warning in PHP, and the HTML code in the
content of the warning is interpreted by the browser.

Reproduce code:
---------------
<?php
setcookie("\n<h1>XSS'ED!</h1>","bug in setcookie function");
?>

Expected result:
----------------
The warning message should be parsed to clean HTML code, like all
warnings in PHP, for security reasons.

Actual result:
--------------
Crash with HTML code executed.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39211&edit=1
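
For the pattern the report describes (a cookie name taken from request data), the following is an added example, not code from the report or from the PHP source: it validates the name before setcookie() is called and escapes it before it is echoed. The function names are hypothetical, the sample inputs are constructed, and the RFC 6265 token allow-list is an assumption about what an application should accept.

```php
<?php
// Added example: function names and sample inputs are constructed.

// Keep PHP diagnostics out of the HTTP response; send them to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * True when $name is an RFC 6265 cookie-name "token": one or more
 * visible ASCII characters, excluding separators. This rejects CR, LF,
 * space, '=', ',' and ';' as well as '<' and '>'.
 */
function is_valid_cookie_name($name)
{
    return is_string($name)
        && preg_match('/\A[!#$%&\'*+\-.^_`|~0-9A-Za-z]+\z/', $name) === 1;
}

/**
 * Call setcookie() only for a validated name.
 * Returns false without touching setcookie() when the name is rejected.
 */
function set_cookie_checked($name, $value)
{
    if (!is_valid_cookie_name($name)) {
        return false;
    }
    return setcookie($name, $value);
}

/** Escape untrusted text before it is placed in an HTML page. */
function html_escape($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: the name from the report and a benign one.
$samples = array("\n<h1>XSS'ED!</h1>", 'theme');
$report  = array();
foreach ($samples as $name) {
    $ok = set_cookie_checked($name, 'dark');
    $report[] = html_escape($name) . ' => ' . ($ok ? 'set' : 'rejected');
}
// Output happens only after all header work is done.
echo implode("<br>\n", $report), "\n";
```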
