WampServer
Apache, PHP, MySQL
on Windows
Reporting Vulnerability
Posted by:
fransalles
(---.virtua.com.br)
Date: November 17, 2018 08:56PM
Hi,
I want to report I found a XSS and HTTP Parameter Pollution on a main panel. May I post the complete payload here? I have a video too.
Edited 1 time(s). Last edit at 11/17/2018 08:57PM by fransalles.
I want to report I found a XSS and HTTP Parameter Pollution on a main panel. May I post the complete payload here? I have a video too.
Edited 1 time(s). Last edit at 11/17/2018 08:57PM by fransalles.
Re: Reporting Vulnerability
Posted by:
Otomatic
(Moderator)
Date: November 17, 2018 09:38PM
Hi,
I just sent you a message by Private Message from the forum with the email address where you can get in touch.
Fix will be with update 3.1.5
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 11/18/2018 01:28PM by Otomatic.
I just sent you a message by Private Message from the forum with the email address where you can get in touch.
Fix will be with update 3.1.5
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 11/18/2018 01:28PM by Otomatic.
Re: Reporting Vulnerability
Posted by:
Otomatic
(Moderator)
Date: November 19, 2018 03:16PM
Hi,
> Update 3.1.5 :
> Fix security vulnerability (XSS) found by Franciny Salles in index.php page
For those who still have doubts about the need to perform updates, even locally, if you are still in version 3.1.4 or less, perform this test:
- Launch Wampserver
Clic on this url : [localhost] that will open the homepage of Wampserver (localhost)
With the mouse cursor, go to the bottom of the page on Add a VirtualHost
In this case, it's just to show something nice, but a malicious person can put a very bad script.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 11/19/2018 07:49PM by Otomatic.
> Update 3.1.5 :
> Fix security vulnerability (XSS) found by Franciny Salles in index.php page
For those who still have doubts about the need to perform updates, even locally, if you are still in version 3.1.4 or less, perform this test:
- Launch Wampserver
Clic on this url : [localhost] that will open the homepage of Wampserver (localhost)
With the mouse cursor, go to the bottom of the page on Add a VirtualHost
In this case, it's just to show something nice, but a malicious person can put a very bad script.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 11/19/2018 07:49PM by Otomatic.
Sorry, only registered users may post in this forum.
