Exploit Title: XAMPP 1.7.0 Reflected Cross-Site Scripting
Date: 14 June 2019
Vendor Homepage: https://www.apachefriends.org/index.html
What is cross-site scripting (XSS)?
Cross-site scripting (also known as XSS) is a web application vulnerability that allows an attacker to compromise the interactions users have with a vulnerable web application. Typically, by exploiting an XSS vulnerability, the attacker masquerades as the victim user and gains access to all of the victim's data and privileges. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
How does XSS work?
There are three major types of XSS attacks.
- Reflected XSS, where the malicious script comes from the current HTTP request.
- Stored XSS, where the malicious script comes from the website's database.
- DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
In this post, we will be focusing on Reflected XSS.
Now, let us look at the steps of exploitation for the attack.
- Go to the following URL: http://domain.com/xampp/iart.php
- Append the following string to the above URL: "abcd><script>alert("XSS")</script>xyzj
- Click the “Enter” button
Note: Check the attached screenshot to see the actual XSS vulnerability.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
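The usual fix for this class of bug is to encode reflected input for the context it is written into. The PHP sketch below is an added example, not XAMPP's iart.php source: it assumes the request path is echoed into a form's action attribute, the function names are hypothetical, and the sample path is constructed from the string in the steps above.

```php
<?php
declare(strict_types=1);

// Added example. Hypothetical page, not XAMPP's iart.php source.
// Assumption: the request path is echoed into an HTML attribute value.

// Vulnerable pattern: the value is concatenated as-is, so a double quote
// ends the attribute, ">" ends the tag, and the rest is parsed as markup.
function form_unencoded(string $requestPath): string
{
    return '<form method="post" action="' . $requestPath . '">';
}

// Hardened: encode for the attribute context before output. ENT_QUOTES
// encodes both quote characters; the charset is passed explicitly.
function form_encoded(string $requestPath): string
{
    $safe = htmlspecialchars($requestPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// True when the markup still contains a raw <script> tag.
function has_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample: the page's URL path with the test string appended.
$path = '/xampp/iart.php' . '"abcd><script>alert("XSS")</script>xyzj';

foreach (['form_unencoded', 'form_encoded'] as $render) {
    $html = $render($path);
    printf("%-15s raw script tag: %s\n", $render, has_raw_script($html) ? 'yes' : 'no');
    echo $html, "\n";
}
```

Comparing the two printed form tags shows the encoded version keeping the whole string inside the attribute value, which is the property to check for in the server's response body after a fix.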
Tested on: Firefox ESR 52.7.3 (64 Bit)
Exhibit 1 shows the version details of the XAMPP installation that was tested.
Exhibit 2 shows that the malformed URL makes the application vulnerable to Reflected XSS.
Exhibit 3 shows the response body of the server after receiving the malformed URL.
Article Link: https://blog.lucideus.com/2019/07/xampp-170-reflected-cross-site-scripting.html