Milw0rm Clone Script version 1.0 suffers from a cross-site scripting vulnerability.
# Exploit Title: Milw0rm Clone Script 1.0 - XSS Vulnerability
# Date: 03.09.2015
# Exploit Author: CrashBandicot @DosPerl
# Vendor Homepage: http://milw0rm.sourceforge.net/
# Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download
# Version: v1.0
# Tested on: MSWin64
Vulnerable File : install/step1.php
53. <input type="text" name="SERVER_NAME" value="<? echo $_POST['SERVER_NAME']; ?>">
...
61. <input type="text" name="SERVER_USER" value="<? echo $_POST['SERVER_USER']; ?>">
...
70. <input type="text" name="SERVER_PASS" value="<? echo $_POST['SERVER_PASS']; ?>">
...
78. <input type="text" name="SERVER_DB" value="<? echo $_POST['SERVER_DB']; ?>">
File : /install/step1.php
Method : POST
Vulnerable Parameters : SERVER_NAME, SERVER_USER, SERVER_PASS, SERVER_DB
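
Mitigation sketch (added example, not code from the advisory or from the Milw0rm Clone Script): the four fields above are written into value="" attributes without encoding, so the fix is to HTML-encode them at output. The helper names posted_attr() and render_step1_fields(), the 128-byte length cap, and the choice not to echo SERVER_PASS back at all are assumptions made for this illustration; in step1.php the array passed in would be $_POST.

```php
<?php
// Added example: hardened rendering of the install/step1.php form fields.
// posted_attr() and render_step1_fields() are hypothetical helpers.

/**
 * Return a POSTed field escaped for use inside a double-quoted HTML attribute.
 */
function posted_attr(array $post, string $name, int $maxLen = 128): string
{
    $raw = $post[$name] ?? '';
    // A request using name[]=... makes PHP deliver an array; treat any
    // non-string value as empty instead of echoing "Array" or raising a notice.
    if (!is_string($raw)) {
        return '';
    }
    // Byte-wise cap (assumed limit); a split multibyte character is handled
    // by ENT_SUBSTITUTE below.
    $raw = substr($raw, 0, $maxLen);
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_step1_fields(array $post): string
{
    $html = '';
    foreach (['SERVER_NAME', 'SERVER_USER', 'SERVER_DB'] as $field) {
        $html .= sprintf(
            '<input type="text" name="%s" value="%s">' . "\n",
            $field,
            posted_attr($post, $field)
        );
    }
    // The password is never reflected back into the page.
    $html .= '<input type="password" name="SERVER_PASS" value="">' . "\n";
    return $html;
}

// Constructed sample input: quote and angle-bracket characters that would
// otherwise terminate the value="" attribute, plus an array-typed field.
$sample = [
    'SERVER_NAME' => 'db"host<1>',
    'SERVER_USER' => "o'brien",
    'SERVER_DB'   => ['unexpected', 'array'],
    'SERVER_PASS' => 'secret"',
];
echo render_step1_fields($sample);
```

The installer directory should also be removed or blocked once setup is finished, since the reflected fields are only reachable while install/step1.php is exposed.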