exploit the possibilities

WampServer 2.2c Cross Site Scripting

WampServer 2.2c Cross Site Scripting
Posted Feb 17, 2012
Authored by LiquidWorm | Site zeroscience.mk

WampServer is vulnerable to cross site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input thru the 'lang' parameter (GET) in index.php script. An attacker may leverage any of the cross site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing as well as other attacks.

tags | exploit, arbitrary, php, xss
advisories | CVE-2010-0700
MD5 | 16c272688e0bd7180ccef2edcaa0f8bb

WampServer 2.2c Cross Site Scripting

Change Mirror Download


WampServer <= 2.2c (lang) Remote Cross-Site Scripting Vulnerability


Vendor: Alter Way
Product web page: http://www.wampserver.com
Affected version: <= 2.2c (32/64bit)

Summary: WampServer is a Windows web development environment.
It allows you to create web applications with Apache2, PHP and
a MySQL database.

Desc: WampServer is vulnerable to cross-site scripting vulnerability.
This issue is due to the application's failure to properly sanitize
user-supplied input thru the 'lang' parameter (GET) in index.php script.
An attacker may leverage any of the cross-site scripting issues to have
arbitrary script code executed in the browser of an unsuspecting user in
the context of the affected site. This may facilitate the theft of cookie-based
authentication credentials, phishing as well as other attacks.


=================================================================
/index.php:
-----------
265: if (isset ($_GET['lang']))
266: {
267: $langue = $_GET['lang'];
268: }

=================================================================


Tested on: Microsoft Windows XP Professional SP3 (EN) 32bit
Microsoft Windows 7 Ultimate SP1 (EN) 64bit


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Vendor status:

[13.02.2012] Vulnerability discovered.
[16.02.2012] Vendor notified of the vulnerability.
[17.02.2012] Public security advisory released.


Advisory ID: ZSL-2012-5072
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5072.php

Related Advisory ID: ZSL-2010-4926
Related Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php

CVE-2010-0700: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0700
CWE-79: http://cwe.mitre.org/data/definitions/79.html



13.02.2012

---

Dork:

"intext:WampServer - Donate - Alter Way"
"intitle:WAMPSERVER Homepage"


PoC:

http://localhost/?lang="><script>alert('zsl')</script>
http://localhost/index.php?lang="><script>alert('zsl')</script>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close