Exploit Title: XAMPP <= 1.7.3 multiple vulnerabilites
Author: TheLeader
Software Link: https://www.apachefriends.org/en/xampp-windows.html
Affected Version: 1.7.3 and prior
Tested on Windows XP Hebrew, Service Pack 3
https://images.tblog.com/user_images/1213841656_kinghavoc.gif
I. File disclosure : XAMPP is vulnerable to a remote file disclosure attack.
The vulnerability exists within the web application supplied with XAMPP.
II. Cross Site Scripting : It is interesting to see the same programming error lead to another security vulnerability.Some PHP scripts in the XAMPP dir rely on $_SERVER['PHP_SELF'] for retrieving the "action" tag for HTML forms.This can be exploited to perform Cross Site Scripting attacks.
Exploit Link : https://inj3ct0r.com/exploits/14686






Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.