On the PHP Security Blog, there's three new posts that Stefan Esser has written up that demonstrate some of the more destructive uses of Javascript that he's found:

• JavaScript/HTML Portscanning and HTTP Auth
• Bruteforcing HTTP Auth in Firefox with JavaScript
• JavaScript Scanning and expose_php=On

While the first two are interesting, it's the last of these that most directly applies to PHP. He gives a simple "proof of concept" that checks to see if the embedded image is the correct "size" to be related to a webserver running PHP with the expose_php setting set to "on".

On the PHP Security Blog, there's three new posts that Stefan Esser has written up that demonstrate some of the more destructive uses of Javascript that he's found:

• JavaScript/HTML Portscanning and HTTP Auth
• Bruteforcing HTTP Auth in Firefox with JavaScript
• JavaScript Scanning and expose_php=On

While the first two are interesting, it's the last of these that most directly applies to PHP. He gives a simple "proof of concept" that checks to see if the embedded image is the correct "size" to be related to a webserver running PHP with the expose_php setting set to "on".