XAMPP cds.php Input XSS

2005-04-12T00:54:49
ID OSVDB:15632
Type osvdb
Reporter Morning Wood(se_cur_ity@hotmail.com)
Modified 2005-04-12T00:54:49

Description

Vulnerability Description

XAMPP contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate variables upon submission to the "cds.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/xampp/cds.php

References:

Vendor URL: http://www.apachefriends.org/en/xampp.html
Related OSVDB ID: 15634
Related OSVDB ID: 15633
Related OSVDB ID: 15635
Related OSVDB ID: 15636
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0236.html
Keyword: EXPL-A-2005-006 exploitlabs.com Advisory 034
CVE-2005-1077