The threat itself was inaccurately described and it took me a while to figure out exactly what was going on... Alerts were stating that the $_SERVER['PHP_INFO'] variable, which doesn't even exist, is the culprit... The variable in question is actually $_SERVER['PHP_SELF']... If anyone wants to ensure that their system is not vulnerable to exploit attempts they can do so by simply adding the following line into their index.php parser file... I have tested Etomite with this line both as the first line of code, directly below the opening <?php tag as well as at the bottom of the script, directly above the comment line // first, set some settings, and do some stuff and both work equally well... At the top of the script is probably the easiest...
$_SERVER["PHP_SELF"] = htmlentities($_SERVER["PHP_SELF"]);
While the potential for Cross Server Scripting is somewhat remote, it can't hurt to have this extra line of code in place... The link to the best, yet still inaccurate, explanation is located at http://www.securityf...rchive/1/488122 for anyone interested...
While only a remote possibility, I cannot assure anyone that this patch will not have potentially adverse effects on snippet functionality... I have been running tests on my development sites, only one of which is open to the vulnerability, and have had no problems as of yet...
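The following is an added example, not part of the original post and not Etomite code. It shows what the one-line patch changes when a snippet echoes PHP_SELF into a form tag, why the quote flag matters on PHP versions before 8.1, and the double-encoding side effect a snippet could hit. The sample value and the helpers form_tag, encode_self and breaks_out are hypothetical.

```php
<?php
// Constructed sample: the kind of value PHP places in $_SERVER['PHP_SELF']
// when extra path text follows the script name in the request URL.
$samplePhpSelf = '/index.php/"><b id=\'probe\'>';

// Hypothetical stand-in for any snippet that echoes PHP_SELF into markup.
function form_tag(string $self, string $quote = '"'): string
{
    return '<form action=' . $quote . $self . $quote . ' method="post">';
}

// Encode once at the top of the parser, as the post suggests. ENT_QUOTES is
// spelled out because PHP before 8.1 left single quotes unencoded by default.
function encode_self(string $self): string
{
    return htmlentities($self, ENT_QUOTES, 'UTF-8');
}

// True when the value can still close the attribute or open a new tag.
function breaks_out(string $value, string $quote): bool
{
    return strpos($value, $quote) !== false || strpbrk($value, '<>') !== false;
}

$compat   = htmlentities($samplePhpSelf, ENT_COMPAT, 'UTF-8');
$hardened = encode_self($samplePhpSelf);

$cases = [
    'raw, double-quoted attribute'        => [$samplePhpSelf, '"'],
    'ENT_COMPAT, single-quoted attribute' => [$compat, "'"],
    'ENT_QUOTES, single-quoted attribute' => [$hardened, "'"],
];

foreach ($cases as $label => [$value, $quote]) {
    echo $label, "\n  ", form_tag($value, $quote), "\n  breaks out: ",
        var_export(breaks_out($value, $quote), true), "\n";
}

// Side effect to test for: a snippet that encodes the already-encoded
// global a second time ends up with doubled entities in its links.
$once  = encode_self('/index.php/a&b');
$twice = htmlentities($once, ENT_QUOTES, 'UTF-8');
echo "encoded once:  $once\nencoded twice: $twice\n";
```

Snippets that use PHP_SELF outside of HTML output, such as in a redirect header or a string comparison, are the ones to retest after applying the patch, since they now receive the entity-encoded value.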










