WampServer
Apache, PHP, MySQL
on Windows
Reporting Vulnerability
Posted by:
fransalles
(---.virtua.com.br)
Date: November 17, 2018 08:56PM
Hi,
I want to report I found a XSS and HTTP Parameter Pollution on a main panel. May I post the complete payload here? I have a video too.
Edited 1 time(s). Last edit at 11/17/2018 08:57PM by fransalles.
I want to report I found a XSS and HTTP Parameter Pollution on a main panel. May I post the complete payload here? I have a video too.
Edited 1 time(s). Last edit at 11/17/2018 08:57PM by fransalles.
Re: Reporting Vulnerability
Posted by:
Otomatic
(Moderator)
Date: November 17, 2018 09:38PM
Hi,
I just sent you a message by Private Message from the forum with the email address where you can get in touch.
Fix will be with update 3.1.5
------------------------------------------------------------------------------------------------------------
Wampserver 3.3.0 32 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40 - MariaDB 10.5.13/10.6.5
Wampserver 3.3.0 64 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40/8.0.31 - MariaDB 10.5.17/10.10.2
PhPMyadmin 5.2.0 - MysqlDumper 1.24.5 on W10 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »
Edited 1 time(s). Last edit at 11/18/2018 01:28PM by Otomatic.
I just sent you a message by Private Message from the forum with the email address where you can get in touch.
Fix will be with update 3.1.5
------------------------------------------------------------------------------------------------------------
Wampserver 3.3.0 32 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40 - MariaDB 10.5.13/10.6.5
Wampserver 3.3.0 64 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40/8.0.31 - MariaDB 10.5.17/10.10.2
PhPMyadmin 5.2.0 - MysqlDumper 1.24.5 on W10 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »
Edited 1 time(s). Last edit at 11/18/2018 01:28PM by Otomatic.
Re: Reporting Vulnerability
Posted by:
Otomatic
(Moderator)
Date: November 19, 2018 03:16PM
Hi,
> Update 3.1.5 :
> Fix security vulnerability (XSS) found by Franciny Salles in index.php page
For those who still have doubts about the need to perform updates, even locally, if you are still in version 3.1.4 or less, perform this test:
- Launch Wampserver
Clic on this url : [localhost] that will open the homepage of Wampserver (localhost)
With the mouse cursor, go to the bottom of the page on Add a VirtualHost
In this case, it's just to show something nice, but a malicious person can put a very bad script.
------------------------------------------------------------------------------------------------------------
Wampserver 3.3.0 32 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40 - MariaDB 10.5.13/10.6.5
Wampserver 3.3.0 64 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40/8.0.31 - MariaDB 10.5.17/10.10.2
PhPMyadmin 5.2.0 - MysqlDumper 1.24.5 on W10 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »
Edited 1 time(s). Last edit at 11/19/2018 07:49PM by Otomatic.
> Update 3.1.5 :
> Fix security vulnerability (XSS) found by Franciny Salles in index.php page
For those who still have doubts about the need to perform updates, even locally, if you are still in version 3.1.4 or less, perform this test:
- Launch Wampserver
Clic on this url : [localhost] that will open the homepage of Wampserver (localhost)
With the mouse cursor, go to the bottom of the page on Add a VirtualHost
In this case, it's just to show something nice, but a malicious person can put a very bad script.
------------------------------------------------------------------------------------------------------------
Wampserver 3.3.0 32 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40 - MariaDB 10.5.13/10.6.5
Wampserver 3.3.0 64 bit - Apache 2.4.54.2 - PHP 8.2.0…7.4.33 - MySQL 5.7.40/8.0.31 - MariaDB 10.5.17/10.10.2
PhPMyadmin 5.2.0 - MysqlDumper 1.24.5 on W10 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »
Edited 1 time(s). Last edit at 11/19/2018 07:49PM by Otomatic.
Sorry, only registered users may post in this forum.
