Computer Security

From: MustLive <mustlive_(at)_websecurity.com.ua>
Date: 30.07.2009
Subject: Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in XAMPP

Hello 3APA3A!

I want to warn you about new security vulnerabilities in XAMPP.

These are Cross-Site Scripting and Insufficient Anti-automation vulnerabilities.

XSS:

http://site/xampp/iart.php?text=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Insufficient Anti-automation:

http://site/xampp/mailform.php

During access to the admin panel, and if the SMTP Service (Mercury Mail) is turned on,
it's possible to send spam due to the lack of protection from automated requests.

XAMPP 1.6.8 and previous versions are vulnerable, and potentially later versions as well
(including the latest version, XAMPP 1.7.1).

I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/3257/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
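
A log check for both issues reported above, as an added example that is not part of the original advisory: it scans an access log for `text` values sent to `/xampp/iart.php` that decode to markup characters, and for bursts of requests to `/xampp/mailform.php` from one client. The sample log lines, the Apache combined log format and the three-requests-per-minute threshold are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache combined log format; addresses are documentation ranges.
SAMPLE_LOG = '''\
192.0.2.10 - - [30/Jul/2009:10:00:01 +0000] "GET /xampp/iart.php?text=Hello+World HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [30/Jul/2009:10:00:05 +0000] "GET /xampp/iart.php?text=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5190 "-" "Mozilla/5.0"
198.51.100.5 - - [30/Jul/2009:10:01:00 +0000] "POST /xampp/mailform.php HTTP/1.1" 200 900 "-" "curl/7.19"
198.51.100.5 - - [30/Jul/2009:10:01:02 +0000] "POST /xampp/mailform.php HTTP/1.1" 200 900 "-" "curl/7.19"
198.51.100.5 - - [30/Jul/2009:10:01:04 +0000] "POST /xampp/mailform.php HTTP/1.1" 200 900 "-" "curl/7.19"
203.0.113.9 - - [30/Jul/2009:10:05:00 +0000] "GET /xampp/mailform.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
MARKUP = re.compile(r'[<>"\']')  # characters that can break out of an HTML attribute or tag
MAIL_LIMIT = 3                   # assumed threshold: mailform.php requests per client per minute

def scan(log_text):
    """Return (xss_hits, mail_bursts) found in the access log text."""
    xss_hits, per_minute = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        client, stamp, _method, target, _status = m.groups()
        url = urlsplit(target)
        path = url.path.lower()
        if path.endswith("/xampp/iart.php"):
            # parse_qs percent-decodes, so %22%3E%3C is inspected as "><
            for value in parse_qs(url.query, keep_blank_values=True).get("text", []):
                if MARKUP.search(value):
                    xss_hits.append((client, value))
        elif path.endswith("/xampp/mailform.php"):
            per_minute[(client, stamp[:17])] += 1  # bucket by dd/Mon/yyyy:HH:MM
    bursts = sorted({c for (c, _), n in per_minute.items() if n >= MAIL_LIMIT})
    return xss_hits, bursts

if __name__ == "__main__":
    hits, bursts = scan(SAMPLE_LOG)
    for client, value in hits:
        print(f"markup in iart.php text parameter from {client}: {value!r}")
    for client in bursts:
        print(f"automated use of mailform.php suspected from {client}")
```

Detection only narrows the exposure window; the underlying fixes are HTML-encoding the reflected `text` value on output and requiring a per-session token or challenge before `mailform.php` sends mail.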
