This document summarizes vulnerabilities found in popular local web development environments like XAMPP, and how they can be exploited to perform cross-site scripting (XSS) and SQL injection attacks. It describes how an attacker could use XSS to upload a JavaScript file, add it to the page head, and then execute commands by communicating with a control server over JSONP. The script would then use the vulnerabilities in phpMyAdmin to create a web shell file and delete itself, allowing the attacker to hard-code commands to steal system information from the victim.