PHP "phpinfo()" Cross-Site Scripting and Security Bypass on Windows 2003 server

How do I fix PHP "phpinfo()" Cross-Site Scripting and Security Bypass on a PHP that installed on windows 2003 server.
the problem is as you can read at:
http://secunia.com/advisories/19599
yalovAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ahoffmannCommented:
simply disable phpinfo() function in php.ini using disable_functions, see:
http://www.php.net/manual/en/features.safe-mode.php#ini.disable-functions

0
yalovAuthor Commented:
But this will only clos the phpinfo. will it stop the possiblity to do copy() as was written at:http://secunia.com/advisories/19599    ?
0
ahoffmannCommented:
if you disable copy() then this bug will be closed too
but I guess that you better update PHP
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

yalovAuthor Commented:
There is no updating fot the php this time. there is no new version of php...
0
ahoffmannCommented:
AFAIK it's difficult to exploit copy() this way; it's only possible if someone manages to execute malicious PHP-scripts on your server. If you don't trust your programmers, then disable copy() with disable_functions in php.ini and restart your server.
0
yalovAuthor Commented:
if I disable copy() what will happend to websites in my server in case they are using php. what will not work for them?
0
ahoffmannCommented:
> what will not work for them?
sorry, but this is a joke, isn't it?
anything which uses copy() somehow will have problems, at least the copy part of the scripts will fail.
0
yalovAuthor Commented:
So this is not good....
0
ahoffmannCommented:
unfortunatelly you have to make a decission: either trust your scripts that they don't use copy() in a malicous way, or disable copy() and have some scripts not working (which are probably those to be dangerous)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ahoffmannCommented:
hmm, strange grading ...
I gave all possibilities to work around the bug/vulnerability, whatelse did you expect? a PHP patch?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.