Simon Willison’s Weblog

PHP 4 phpinfo() XSS Vulnerability. Another reason not to run an open phpinfo() page on your server.

Posted 4th March 2007 at 9:24 pm

Recent articles

Video: Building a tool to copy-paste share terminal sessions using Claude Code for web - 23rd October 2025
Dane Stuckey (OpenAI CISO) on prompt injection risks for ChatGPT Atlas - 22nd October 2025
Living dangerously with Claude - 22nd October 2025

php 181 phpinfo 1 security 560 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe