Exploit Title: XAMPP <= 1.7.3 multiple vulnerabilites
Author: TheLeader Software Link: http://www.apachefriends.org/en/xampp-windows.html Affected Version: 1.7.3 and prior Tested on Windows XP Hebrew, Service Pack 3
I. File disclosure : XAMPP is vulnerable to a remote file disclosure attack.
The vulnerability exists within the web application supplied with XAMPP.
II. Cross Site Scripting : It is interesting to see the same programming error lead to another security vulnerability.Some PHP scripts in the XAMPP dir rely on $_SERVER['PHP_SELF'] for retrieving the "action" tag for HTML forms.This can be exploited to perform Cross Site Scripting attacks.
Exploit Link : http://inj3ct0r.com/exploits/14686
Author Info
Mohit Kumar aka 'Unix Root' is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this : He is an Internet Activist, Strong supporter of Anonymous & Wikileaks. Follow him @ Twitter | LinkedIn | Google | Email | Facebook Profile
