PHP "phpinfo()" Cross-Site Scripting and Security Bypass on Windows 2003 server

How do I fix the PHP "phpinfo()" Cross-Site Scripting and Security Bypass on a PHP that is installed on a Windows 2003 server?
The problem is as you can read at:
http://secunia.com/advisories/19599
yalov Asked:
 
ahoffmann Commented:
unfortunately you have to make a decision: either trust your scripts that they don't use copy() in a malicious way, or disable copy() and have some scripts not working (which are probably those to be dangerous)
0
 
ahoffmann Commented:
simply disable the phpinfo() function in php.ini using disable_functions, see:
http://www.php.net/manual/en/features.safe-mode.php#ini.disable-functions

0
 
yalov Author Commented:
But this will only close the phpinfo. Will it stop the possibility to do copy() as was written at: http://secunia.com/advisories/19599 ?
0
 
ahoffmann Commented:
if you disable copy() then this bug will be closed too
but I guess that you better update PHP
0
 
yalov Author Commented:
There is no update for the php this time. there is no new version of php...
0
 
ahoffmann Commented:
AFAIK it's difficult to exploit copy() this way; it's only possible if someone manages to execute malicious PHP-scripts on your server. If you don't trust your programmers, then disable copy() with disable_functions in php.ini and restart your server.
0
 
yalov Author Commented:
if I disable copy() what will happen to websites on my server in case they are using php? what will not work for them?
0
 
ahoffmann Commented:
> what will not work for them?
sorry, but this is a joke, isn't it?
anything which uses copy() somehow will have problems, at least the copy part of the scripts will fail.
0
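
What would stop working if copy() is disabled can be checked before editing php.ini by listing the scripts that call it. The following is an added example, not part of the original thread: a Python scanner (its function names and the sample page are constructed for illustration) that reports direct calls to copy() and phpinfo() in a site's .php files, skipping comments, strings and method calls.

```python
import re
from pathlib import Path

# Functions the thread considers adding to disable_functions in php.ini.
CANDIDATES = {"copy", "phpinfo"}
# Only text inside <?php ... ?> or <?= ... ?> is code; the rest is HTML.
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.S | re.I)
# Comments and strings are matched first and skipped. A name preceded by
# "->", "::", "function" or "new" is a method or a declaration, not a call.
TOKEN = re.compile(
    r"""(?P<skip>/\*.*?\*/|//[^\n]*|\#[^\n]*|'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
      | (?P<prefix>->\s*|::\s*|\bfunction\s+&?\s*|\bnew\s+)?
        (?<![\w$])(?P<name>[A-Za-z_]\w*)\s*\(""",
    re.S | re.X,
)


def find_calls(source, names=CANDIDATES):
    """Return (line, function) pairs for direct calls to any of `names`."""
    hits = []
    for block in PHP_BLOCK.finditer(source):
        for tok in TOKEN.finditer(source, block.start(1), block.end(1)):
            name = (tok.group("name") or "").lower()  # PHP names ignore case
            if tok.group("skip") or tok.group("prefix") or name not in names:
                continue
            hits.append((source.count("\n", 0, tok.start("name")) + 1, name))
    return hits


def scan_tree(root, names=CANDIDATES):
    """Map each .php file under `root` to the calls found in it."""
    found = ((str(p), find_calls(p.read_text(errors="replace"), names))
             for p in sorted(Path(root).rglob("*.php")))
    return {path: hits for path, hits in found if hits}


# Constructed sample page, not taken from any real site.
SAMPLE = """<html><body>Don't copy (this) text
<?php
// copy('a', 'b') in a comment is ignored
$msg = "call copy() later";
copy($src, $dst);
$zip->copy($x);
function copy_all() { return COPY ($a, $b); }
if (isset($_GET['debug'])) { phpinfo(); }
?></body></html>
"""

if __name__ == "__main__":
    print(find_calls(SAMPLE))
```

Dynamic calls such as `$f = 'copy'; $f();` or `call_user_func('copy', ...)` are not detected, so an empty report is a strong hint rather than proof that nothing depends on the function.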
 
yalov Author Commented:
So this is not good....
0
 
ahoffmann Commented:
hmm, strange grading ...
I gave all possibilities to work around the bug/vulnerability, what else did you expect? a PHP patch?
0