SECURITYVULNS:DOC:22241
Jul 30, 2009 - 12:00 a.m.

Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in XAMPP

Hello 3APA3A!

I want to warn you about new security vulnerabilities in XAMPP.

These are Cross-Site Scripting and Insufficient Anti-automation vulnerabilities.

XSS:

http://site/xampp/iart.php?text=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Insufficient Anti-automation:

http://site/xampp/mailform.php

During access to the admin panel, and if the SMTP service (Mercury Mail) is turned on,
it's possible to send spam due to the lack of protection from automated requests.

XAMPP 1.6.8 and previous versions are vulnerable, and potentially later versions
(including the latest version, XAMPP 1.7.1).

I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/3257/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
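
The XSS report above, as an added example that is not part of the original message and is not XAMPP's code: it contrasts unencoded output with context-aware encoding of the `text` parameter. The function names are hypothetical, and the attribute context is an assumption inferred from the leading `">` in the reported value, since the source of iart.php is not shown.

```php
<?php
// Added example: iart.php's real source is not shown in the advisory.
// Assumption: the "text" parameter is echoed into a double-quoted HTML
// attribute, which is what the leading "> in the reported value implies.

// Hypothetical vulnerable rendering: the value is concatenated unencoded.
function render_text_field_unsafe(string $text): string
{
    return '<input type="text" name="text" value="' . $text . '">';
}

// Hardened rendering: encode for the HTML attribute context on output.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_text_field_safe(string $text): string
{
    $encoded = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="text" value="' . $encoded . '">';
}

// True when the rendered markup contains a raw <script> tag, meaning the
// value left the attribute and was parsed as markup.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// The query-string value from the advisory's URL, percent-decoded as the
// web server would hand it to the script.
$reported = rawurldecode('%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E');

// Compare both renderings for the reported value.
var_dump(contains_raw_script(render_text_field_unsafe($reported)));
var_dump(contains_raw_script(render_text_field_safe($reported)));

// With encoding applied, the value stays inside the attribute as inert text.
echo render_text_field_safe($reported), PHP_EOL;
```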
