Vulnerabilities > CVE-2005-1077 - Remote HTML Injection vulnerability in XAMPP CDS.PHP

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

xampp

nessus

exploit available

NVD

Published: 2005-04-12

Updated: 2016-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.

Vulnerable Configurations

Part	Description	Count
Application	Xampp Xampp Apache Distribution 0.1 Xampp Apache Distribution 0.2 Xampp Apache Distribution 0.3 Xampp Apache Distribution 1.4.1 Xampp Apache Distribution 1.4.2 Xampp Apache Distribution 1.4.3 Xampp Apache Distribution 1.4.4 Xampp Apache Distribution 1.4.5 Xampp Apache Distribution 1.4.6 Xampp Apache Distribution 1.4.7 Xampp Apache Distribution 1.4.8 Xampp Apache Distribution 1.4.9 Xampp Apache Distribution 1.4.10 Xampp Apache Distribution 1.4.10A Xampp Apache Distribution 1.4.11 Xampp Apache Distribution 1.4.12 Xampp Apache Distribution 1.4.13	17

Exploit-Db

description	XAMPP Phonebook.PHP Multiple Remote HTML Injection Vulnerabilities. CVE-2005-1077. Remote exploits for multiple platform
id	EDB-ID:25391
last seen	2016-02-03
modified	2005-04-12
published	2005-04-12
reporter	Morning Wood
source	https://www.exploit-db.com/download/25391/
title	XAMPP Phonebook.PHP Multiple Remote HTML Injection Vulnerabilities

Nessus

NASL family	CGI abuses
NASL id	XAMPP_MULTIPLE_VULNS.NASL
description	The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration. The remote version of this software contains security flaws and password disclosure weaknesses that could allow an attacker to perform cross-site scripting attacks against the remote host or to gain administrative access on the remote host if no password has been set.
last seen	2020-06-01
modified	2020-06-02
plugin id	18036
published	2005-04-13
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18036
title	XAMPP < 1.4.14 Multiple Vulnerabilities
code	# # (C) Tenable Network Security # include("compat.inc"); if (description) { script_id(18036); script_version("1.21"); script_cve_id("CVE-2005-1077", "CVE-2005-1078", "CVE-2005-2043"); script_bugtraq_id(13131, 13128, 13127, 13126, 13982, 13983); script_name(english:"XAMPP < 1.4.14 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote host contains several applications that may use default passwords and be prone to cross-site scripting and directory traversal attacks." ); script_set_attribute(attribute:"description", value: "The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration. The remote version of this software contains security flaws and password disclosure weaknesses that could allow an attacker to perform cross-site scripting attacks against the remote host or to gain administrative access on the remote host if no password has been set." ); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=full-disclosure&m=111330048629182&w=2" ); script_set_attribute(attribute:"see_also", value:"http://sourceforge.net/project/shownotes.php?release_id=335710" ); script_set_attribute(attribute:"solution", value: "Upgrade to XAMPP 1.4.14 or newer." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/12"); script_cvs_date("Date: 2018/11/15 20:50:19"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); summary["english"] = "Checks for the version of XAMPP"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!can_host_php(port:port)) exit(0); r = http_send_recv3(method: "GET", item:"/xampp/start.php", port:port); if (isnull(r)) exit(0); res = r[2]; if ( egrep(pattern:"(Bienvenido a\|Willkommen zu\|Welcome to) XAMPP .* 1\.([0-3]\.\|4\.[0-9][^0-9]\|4\.1[0-3][^0-9])", string:res) ) { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References