Exploit Title: XAMPP <= 1.7.3 multiple vulnerabilites
Author: TheLeader Software Link: https://www.apachefriends.org/en/xampp-windows.html Affected Version: 1.7.3 and prior Tested on Windows XP Hebrew, Service Pack 3
I. File disclosure : XAMPP is vulnerable to a remote file disclosure attack.
The vulnerability exists within the web application supplied with XAMPP.
II. Cross Site Scripting : It is interesting to see the same programming error lead to another security vulnerability.Some PHP scripts in the XAMPP dir rely on $_SERVER['PHP_SELF'] for retrieving the "action" tag for HTML forms.This can be exploited to perform Cross Site Scripting attacks.
Exploit Link : https://inj3ct0r.com/exploits/14686