WampServer <= 2.2c (lang) Remote Cross-Site Scripting Vulnerability

Medium
Advisory ID
ZSL-2012-5072
Release Date
17 February 2012
Vendor
Affected Version
<= 2.2c (32/64bit)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN) 32bit, Microsoft Windows 7 Ultimate SP1 (EN) 64bit
Summary

WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database.

Description

WampServer is vulnerable to cross-site scripting. The issue is due to the application's failure to properly sanitize user-supplied input passed through the 'lang' parameter (GET) in the index.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, and other attacks.

/index.php (lines 265-268):
----------------
if (isset ($_GET['lang']))
{
    $langue = $_GET['lang'];
}

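
One way to close this class of bug, shown as an added example that is neither WampServer's code nor the vendor's 2.2d fix: restrict 'lang' to an allow-list and HTML-encode it wherever it is written to the page. The language codes, resolve_lang(), h() and the echoed link are assumptions for illustration; the advisory does not show how $langue is used later in index.php.

```php
<?php
// Added example, not WampServer's code. $supported, resolve_lang() and h()
// are hypothetical names; the language codes are assumed values.

// Allow-list of language codes the page has translations for.
$supported = array('en', 'fr');

/**
 * Return a language code that is guaranteed to be one of $supported.
 * Missing values, arrays (lang[]=...), markup and unknown codes all
 * fall back to $default instead of being copied from the request.
 */
function resolve_lang(array $query, array $supported, $default = 'en')
{
    if (!isset($query['lang']) || !is_string($query['lang'])) {
        return $default;
    }
    // Strict comparison so type juggling cannot match an unexpected value.
    return in_array($query['lang'], $supported, true) ? $query['lang'] : $default;
}

// Defence in depth: encode at the point of output as well, so the value
// stays inert even if the allow-list is later widened or skipped.
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$langue = resolve_lang($_GET, $supported);

// Assumed use of $langue: reflected into a link on the page.
echo '<a href="index.php?lang=' . h($langue) . '">' . h($langue) . '</a>', PHP_EOL;

// Constructed sample inputs showing the fallback behaviour.
$samples = array(
    array('lang' => 'fr'),          // supported code, kept
    array('lang' => '<b>x</b>'),    // markup, replaced by the default
    array('lang' => array('en')),   // array instead of string, replaced
    array(),                        // parameter absent, default used
);
foreach ($samples as $sample) {
    echo resolve_lang($sample, $supported), PHP_EOL;   // fr, en, en, en
}
```
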
Proof of Concept
Disclosure Timeline
13.02.2012: Vulnerability discovered.
16.02.2012: Vendor notified of the vulnerability.
17.02.2012: Public security advisory released.
20.02.2012: Vendor releases version 2.2d.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
17.02.2012: Initial release
18.02.2012: Added reference [4]
21.02.2012: Added reference [5]
07.03.2012: Added vendor status.