# Exploit Title: Milw0rm Clone Script 1.0 - XSS Vulnerability
# Date: 03.09.2015
# Exploit Author: CrashBandicot @DosPerl
# Vendor Homepage: http://milw0rm.sourceforge.net/
# Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download
# Version: v1.0
# Tested on: MSWin64

Vulnerable File : install/step1.php

53. ...
61. ...
70. ...
78.

File /install/step1.php
Method : POST
Vuln Parameter : SERVER_NAME , SERVER_USER , SERVER_PASS , SERVER_DB