Reporting Vulnerability
Posted by: fransalles (---.virtua.com.br)
Date: November 17, 2018 08:56PM

Hi,
I want to report I found a XSS and HTTP Parameter Pollution on a main panel. May I post the complete payload here? I have a video too.



Edited 1 time(s). Last edit at 11/17/2018 08:57PM by fransalles.

Options: ReplyQuote
Re: Reporting Vulnerability
Posted by: Otomatic (Moderator)
Date: November 17, 2018 09:38PM

Hi,

I just sent you a message by Private Message from the forum with the email address where you can get in touch.

Fix will be with update 3.1.5

------------------------------------------------------------------------------------------------------------
Wampserver 3.1.6 32 bit - Apache 2.4.37 - PHP 7.3.0/7.2.13/7.1.25/7.0.33/5.6.39 - MySQL 5.7.23 - MariaDB 10.3.11
Wampserver 3.1.6 64 bit - Apache 2.4.37 - PHP 7.3.0/7.2.13/7.1.25/7.0.33/5.6.39 - MySQL 5.7.23 - MariaDB 10.3.11
PhPMyadmin 4.8.3 - MysqlDumper 1.24.5
on W10 and W7 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »



Edited 1 time(s). Last edit at 11/18/2018 01:28PM by Otomatic.

Options: ReplyQuote
Re: Reporting Vulnerability
Posted by: Otomatic (Moderator)
Date: November 19, 2018 03:16PM

Hi,

> Update 3.1.5 :
> Fix security vulnerability (XSS) found by Franciny Salles in index.php page

For those who still have doubts about the need to perform updates, even locally, if you are still in version 3.1.4 or less, perform this test:
- Launch Wampserver

Clic on this url : [localhost] that will open the homepage of Wampserver (localhost)

With the mouse cursor, go to the bottom of the page on Add a VirtualHost

In this case, it's just to show something nice, but a malicious person can put a very bad script.

------------------------------------------------------------------------------------------------------------
Wampserver 3.1.6 32 bit - Apache 2.4.37 - PHP 7.3.0/7.2.13/7.1.25/7.0.33/5.6.39 - MySQL 5.7.23 - MariaDB 10.3.11
Wampserver 3.1.6 64 bit - Apache 2.4.37 - PHP 7.3.0/7.2.13/7.1.25/7.0.33/5.6.39 - MySQL 5.7.23 - MariaDB 10.3.11
PhPMyadmin 4.8.3 - MysqlDumper 1.24.5
on W10 and W7 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »



Edited 1 time(s). Last edit at 11/19/2018 07:49PM by Otomatic.

Options: ReplyQuote


Sorry, only registered users may post in this forum.