Sunday, May 2, 2010

PHP website XSS Defacement


Cross-site scripting, HTML injection and redirect on bugs.php.net and phpbuilder.com

Screenshots and proof of concept


Redirect from the PHP site to Google (PoC) and XSS








Sample XSS alert on phpbuilder.com






And now what about http://doc.php.net/phd/ar/phd/ ?






Shame! :( nothing more...

Update: derick@php.net
This bug has been fixed in SVN. Since the websites are not directly
updated from the SVN server, the fix might need some time to spread
across the globe to all mirror sites, including PHP.net itself.

Thank you for the report, and for helping us make PHP.net better.