Title
XAMPP 'cds.php' SQL Injection vulnerability
Provided and/or Discovered By:
Jaykishan Nirmal from Aujas Networks
Release Date:
3rd October, 2008
Class
Input Validation Error
Risk
High
Remotely Exploitable
Yes
Locally Exploitable
Yes
Vulnerable File
http://www.example.com/xampp/cds.php
Exploit/Proof of Concept:
http://www.example.com/xampp/cds.php?action=del&id=1 or 1
Technical Details
In the PHP script 'cds.php', the 'id' parameter is vulnerable to SQL injection.
Input passed to the 'id' parameter in 'cds.php' is not properly sanitized before being used in an
SQL query. This can be exploited to manipulate the query by injecting arbitrary SQL code; with
'action=del', as in the proof of concept above, this can delete all CD records stored in the database.
This issue is due to a failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content.
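The weak pattern described above, next to a hardened form, as an added example that is not XAMPP's own cds.php code. It assumes PHP with the pdo_sqlite extension and an in-memory database; the table layout, rows and function names are constructed for illustration.

```php
<?php
// Added example: table name, columns and rows are constructed; this is not XAMPP's cds.php.
function seed(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cds (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO cds (id, title) VALUES (1, 'A'), (2, 'B'), (3, 'C')");
    return $db;
}

// Weak pattern: the request value is concatenated into the statement text,
// so anything after the number is parsed as SQL.
function delete_concat(PDO $db, string $id): int {
    return $db->exec('DELETE FROM cds WHERE id = ' . $id);
}

// Hardened pattern: reject anything that is not a positive integer,
// then pass the value as a bound parameter instead of statement text.
function delete_bound(PDO $db, string $id): int {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM cds WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$poc = '1 or 1'; // the id value from the proof of concept above

// Concatenation: the WHERE clause becomes "id = 1 or 1", true for every row.
$db = seed();
printf("concatenated: %d row(s) deleted\n", delete_concat($db, $poc));

// Validation + binding: the same value is refused before any SQL runs.
$db = seed();
try {
    delete_bound($db, $poc);
} catch (InvalidArgumentException $e) {
    printf("bound: rejected (%s)\n", $e->getMessage());
}
printf("bound, id=2: %d row(s) deleted\n", delete_bound($db, '2'));
printf("rows left: %d\n", $db->query('SELECT COUNT(*) FROM cds')->fetchColumn());
```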
Vulnerable Versions:
XAMPP v1.6.8 (Earlier versions might be affected)
Platform:
Windows (Others might be affected)
Reference(s)
XAMPP Home Page – http://www.apachefriends.org/en/xampp.html
SecurityFocus – http://www.securityfocus.com/bid/31564
Report Timeline(s)
02-10-2008: Aujas Networks notifies XAMPP development team about vulnerability
02-10-2008: Vendor response
Contact
Jaykishan.nirmal [at] aujas [dot] com