Steady, Matt. We’re not selling them so it’s okay, right? Actually I won’t even be providing them. It’s all down to the good folks at PHP.
Some of us might remember the Month of PHP Bugs in March, which I have to say passed without great fanfare. I think it’s probably because it made us all look bad so less said about that the better. Anyway I was reviewing today’s server patches (via the magical apticron utility) which reminded me that I should probably review the results of the MOPB. Boy am I glad I did!
Basically, it’s an XSS vulnerability in the phpinfo() function which gives unescaped output for all user-submitted arrays in GET, POST and Cookies.
Well if anyone has a spare phpinfo() for PHP versions 4.4.3 -> 4.4.6 hanging about, try appending this to its URL:
Then scroll down to “PHP Variables”. If you have an exploitable version, you should get one, clean, un-condomned backlink. Ain’t that precious? So all you would need to do is to get a bunch of them indexed and you’re happy as Larry. However happy he is.
Now would anyone like 60,600 free backlinks?
PS. For those that don’t get it yet, this post was written by Rob, one of Dave’s programmers. In Vim. Proudly.