Cross site scripting

XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting XSS attacks via the WriteIntoLocalDisk method...

XAMPP 1.8.1 (lang.php, WriteIntoLocalDisk method) - Local Write Access Vulnerability

No description provided by source. 通过访问以下链接： http://www.example.com/xampp/lang.php?WriteIntoLocalDisk 发现以下文件已经被修改： http://www.example.com/xampp/lang.tmp EXPLOIT-DB来源：https://www.exploit-db.com/exploits/28654/...